From ad2924a204c8d3611e5aaabfa67b69b365f99784 Mon Sep 17 00:00:00 2001
From: Nickolaj Jepsen
Date: Fri, 24 Oct 2025 08:16:19 +0200
Subject: [PATCH] feat: add systemd service to register ssh-keys

---
 modules/base/ssh.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/modules/base/ssh.nix b/modules/base/ssh.nix
index 86dfece..d52e17d 100644
--- a/modules/base/ssh.nix
+++ b/modules/base/ssh.nix
@@ -1,5 +1,6 @@
 {
 config,
+ pkgs,
 username,
 hostname,
 lib,
@@ -20,6 +21,7 @@ in {
 mode = "0600";
 owner = username;
 };
+
 fireproof.home-manager = {
 home.file.".ssh/id_ed25519.pub".source = ../../secrets/hosts + ("/" + hostname) + "/id_ed25519.pub";
 programs.ssh = {
@@ -79,5 +81,21 @@ in {
 settings.KbdInteractiveAuthentication = false;
 };
 
+ systemd.user.services."add-ssh-keys" = {
+ description = "Add SSH keys to ssh-agent";
+ after = [ "network.target" "ssh-agent.service" ];
+ requires = [ "ssh-agent.service" ];
+ wantedBy = [ "default.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStartPre=''
+ ${pkgs.coreutils}/bin/sleep 5
+ '';
+ ExecStart = ''
+ ${pkgs.openssh}/bin/ssh-add -q ${config.age.secrets.ssh-key-ao.path}
+ '';
+ };
+ };
+
 users.users.${username}.openssh.authorizedKeys.keys = publicKeys;
 }
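Review bot: The `ExecStart` line in the new `add-ssh-keys` unit loads the agenix-decrypted key with `ssh-add -q` and no constraints, so from login onward every process that can reach the agent socket can sign with it for the whole session (and so can any host the agent is forwarded to, if forwarding is enabled in the `programs.ssh` block that is not visible here). Consider bounding it with a lifetime or per-use confirmation, e.g. `${pkgs.openssh}/bin/ssh-add -q -t 8h ${config.age.secrets.ssh-key-ao.path}` (the `8h` is a sample value) or `-c`. Since the unit runs non-interactively, the key file is presumably passphrase-less, which leaves the secret's file mode and owner as its only protection at rest; a comment saying so above `ExecStart` would help the next reader. The `sleep 5` in `ExecStartPre` is a timing guess rather than a readiness check: `after`/`requires` on `ssh-agent.service` already order the unit, and if the underlying failure is a missing `SSH_AUTH_SOCK` in the user manager's environment, setting it in `serviceConfig.Environment` would be more reliable, though how the agent is started cannot be confirmed from this hunk.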