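# NixOS module: lets nix-daemon use an SSH agent.
#
# A socat relay listens on the fixed path /run/nix-ssh-agent and forwards
# every connection to the agent socket named by `nix.ssh-agent.sock`.
# nix-daemon's SSH_AUTH_SOCK is pointed at the relay.
{ config, lib, pkgs, ... }:

let
  cfg = config.nix.ssh-agent;
in
{
  options.nix.ssh-agent = {
    sock = lib.mkOption {
      description = "SSH agent socket for Nix to use";
      # The default hard-codes the runtime directory of UID 1000. On a host
      # where the agent's owner has another UID, or where the agent listens
      # on a different path, this option must be set explicitly.
      default = "/run/user/1000/ssh-agent";
      # nullOr makes the `cfg.sock != null` guard below reachable. With a
      # plain `str` type, null was rejected by the type check, so the relay
      # could never be switched off. Setting `null` now disables the relay
      # and the SSH_AUTH_SOCK override.
      type = lib.types.nullOr lib.types.str;
    };
  };

  config = lib.mkIf (cfg.sock != null) {
    systemd.services.ssh-agent-nix-proxy = {
      # Pulled in when nix-daemon starts; partOf propagates nix-daemon's
      # stop/restart to this unit.
      wantedBy = [ "nix-daemon.service" ];
      partOf = [ "nix-daemon.service" ];
      serviceConfig = {
        # No User= is set, so the relay runs with systemd's default (root).
        #
        # Access control: the listening socket is created root:nixbld with
        # mode 770. Anything that can connect to it can ask the agent to
        # sign with whatever keys are loaded, i.e. authenticate as the
        # agent's owner.
        # NOTE(review): confirm that members of nixbld need this access;
        # if only nix-daemon itself uses the socket, a tighter mode/group
        # would narrow who can use the keys.
        #
        # `fork` makes socat serve each incoming connection in a child.
        # NOTE(review): check whether a socket file left behind by an
        # unclean exit makes the next bind fail under Restart=always;
        # socat's `unlink-early` address option covers that case.
        ExecStart = "${pkgs.socat}/bin/socat UNIX-LISTEN:/run/nix-ssh-agent,mode=770,group=nixbld,user=root,reuseaddr,fork UNIX-CONNECT:${cfg.sock}";
        Restart = "always";
      };
    };

    # nix-daemon talks to the relay, never to the user's agent socket.
    systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = "/run/nix-ssh-agent";
  };
}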