From 0be5b92ee226c89f5b4a5ed3df5204807808f825 Mon Sep 17 00:00:00 2001
From: Anton Livaja <anton@livaja.me>
Date: Mon, 3 Mar 2025 10:22:34 -0800
Subject: [PATCH] add rw/config/rc.local for ssh

---
 qubes/rw/config/rc.local | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 qubes/rw/config/rc.local

diff --git a/qubes/rw/config/rc.local b/qubes/rw/config/rc.local
new file mode 100644
index 0000000..e798244
--- /dev/null
+++ b/qubes/rw/config/rc.local
@@ -0,0 +1,10 @@
+# SPLIT SSH CONFIGURATION >>>
+# replace "vault" with your AppVM name which stores the ssh private key(s)
+SSH_VAULT_VM="vault"
+
+if [ "$SSH_VAULT_VM" != "" ]; then
+  export SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
+  rm -f "$SSH_SOCK"
+  sudo -u user /bin/sh -c "umask 177 && exec socat 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'" &
+fi
+# <<< SPLIT SSH CONFIGURATION