nixfiles/modules/nix-ssh-agent.nix

{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.nix.ssh-agent;
in {
  options.nix.ssh-agent = {
    sock = lib.mkOption {
      description = "SSH agent socket for Nix to use";
      default = "/run/user/1000/ssh-agent";
      type = lib.types.str;
    };
  };

  config = lib.mkIf (cfg.sock != null) {
    # systemd.services.ssh-agent-nix-proxy = {
    #   wantedBy = [ "nix-daemon.service" ];
    #   partOf = [ "nix-daemon.service" ];
    #   serviceConfig = {
    #     ExecStart = "${pkgs.socat}/bin/socat UNIX-LISTEN:/run/nix-ssh-agent,mode=770,group=nixbld,user=root,reuseaddr,fork UNIX-CONNECT:${cfg.sock}";
    #     Restart = "always";
    #   };
    # };

    # systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = "/run/nix-ssh-agent";
    systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = cfg.sock;
  };
}