From 838ac9015cf87cc24eff37bd38db3a7810ea00b0 Mon Sep 17 00:00:00 2001
From: "Lance R. Vick" <lance@distrust.co>
Date: Fri, 20 Dec 2024 17:06:02 -0800
Subject: [PATCH] add qubes ssh setup

---
 qubes/.config/systemd/user/qubes-ssh-socket.service | 10 ++++++++++
 qubes/.local/bin/qubes-ssh-socket                   | 12 ++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 qubes/.config/systemd/user/qubes-ssh-socket.service
 create mode 100755 qubes/.local/bin/qubes-ssh-socket

diff --git a/qubes/.config/systemd/user/qubes-ssh-socket.service b/qubes/.config/systemd/user/qubes-ssh-socket.service
new file mode 100644
index 0000000..0051981
--- /dev/null
+++ b/qubes/.config/systemd/user/qubes-ssh-socket.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run a SSH proxy socket to another QubesOS VM
+
+[Service]
+Environment=SSH_VAULT_VM=vault
+ExecStart=%h/.local/bin/qubes-ssh-socket
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/qubes/.local/bin/qubes-ssh-socket b/qubes/.local/bin/qubes-ssh-socket
new file mode 100755
index 0000000..ff1fb3d
--- /dev/null
+++ b/qubes/.local/bin/qubes-ssh-socket
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+export SSH_VAULT_VM="${SSH_VAULT_VM:-vault}"
+export SSH_AUTH_SOCK="/home/${USER}/.SSH_AGENT_${SSH_VAULT_VM}"
+
+rm -f "$SSH_AUTH_SOCK"
+
+umask 177
+socat \
+  "UNIX-LISTEN:${SSH_AUTH_SOCK},fork" \
+  "EXEC:qrexec-client-vm ${SSH_VAULT_VM} qubes.SshAgent"