sync

hosts/wsl2/default.nix

@@ -30,16 +30,16 @@
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
   sops.secrets.example_key = {};
 
-#   environment.systemPackages =
+  environment.systemPackages =
-#     [ pkgs.socat  
+    [ pkgs.socat  
-#       pkgs.npiperelay 
+      pkgs.npiperelay 
-#       pkgs.wsl-ssh-agent-forward];
+      pkgs.wsl-ssh-agent-relay];
 
 
-# nixpkgs.config.packageOverrides = pkgs: with pkgs; rec {
+nixpkgs.config.packageOverrides = pkgs: with pkgs; rec {
-#       npiperelay = callPackage ../../pkgs/npiperelay { };
+      npiperelay = callPackage ../../pkgs/npiperelay { };
-#       wsl-ssh-agent-forward = callPackage ../../pkgs/wsl-ssh-agent-forward { };
+      wsl-ssh-agent-relay = callPackage ../../pkgs/wsl-ssh-agent-relay { };
-#  };
+ };
 
 
 

modules/home-manager/sstent.nix

@@ -79,8 +79,9 @@ programs = {
         if [ -e /home/sstent/.nix-profile/etc/profile.d/nix.sh ]; then . /home/sstent/.nix-profile/etc/profile.d/nix.sh; fi # added by Nix installer
         
         #keybase service &
-        # Configure ssh forwarding
+
-        . wsl-ssh-agent-forwarder
+        wsl-ssh-agent-relay start
+        export SSH_AUTH_SOCK=${HOME}/.ssh/wsl-ssh-agent.sock
         ssh-add -l
 
       '';

pkgs/wsl-ssh-agent-forward/wsl-ssh-agent-forward.sh

@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-# Usage: wsl-ssh-agent-forward [ -k | -r ]
-# Options:
-#    -k    Kill the current process (if exists) and do not restart it.
-#    -r    Kill the current process (if exists) and restart it.
-# Default operation is to start a process only if it does not exist.
-
-export SSH_AUTH_SOCK=$HOME/.ssh/agent.sock
-
-sshpid=$(ss -ap | grep "$SSH_AUTH_SOCK")
-if [ "$1" = "-k" ] || [ "$1" = "-r" ]; then
-    sshpid=${sshpid//*pid=/}
-    sshpid=${sshpid%%,*}
-    if [ -n "${sshpid}" ]; then
-        kill "${sshpid}"
-    else
-        echo "'socat' not found or PID not found"
-    fi
-    if [ "$1" = "-k" ]; then
-        exit
-    fi
-    unset sshpid
-fi
-
-if [ -z "${sshpid}" ]; then
-    rm -f $SSH_AUTH_SOCK
-    ( setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork & ) >/dev/null 
-fi

pkgs/wsl-ssh-agent-relay/default.nix

@@ -1,24 +1,24 @@
 { lib, stdenv, pkgs }:
 
 stdenv.mkDerivation rec {
-  name = "wsl-ssh-agent-forward";
+  name = "wsl-ssh-agent-relay";
   version = "0.1";
-  src = ./wsl-ssh-agent-forward.sh;
+  src = ./wsl-ssh-agent-relay.sh;
   nativeBuildInputs = [pkgs.makeWrapper];
   # phases = ["installPhase" ];
     unpackCmd = ''
       # $curSrc is the variable that contains the path to our source.
-      mkdir wsl-ssh-agent-forward-src
+      mkdir wsl-ssh-agent-relay-src
 
       # We rename the file here, because when nix adds files to the
       # store it adds a hash, which obviously we don't want for our
       # shell script.
-      cp $curSrc wsl-ssh-agent-forward-src/wsl-ssh-agent-forward.sh
+      cp $curSrc wsl-ssh-agent-relay-src/wsl-ssh-agent-relay
     '';
 
   installPhase = ''
-  install -Dm755 wsl-ssh-agent-forward.sh $out/bin/wsl-ssh-agent-forward.sh
+  install -Dm755 wsl-ssh-agent-relay $out/bin/wsl-ssh-agent-relay
-  wrapProgram $out/bin/wsl-ssh-agent-forward.sh --prefix PATH : $out/bin
+  wrapProgram $out/bin/wsl-ssh-agent-relay --prefix PATH : $out/bin
   '';
 
 

pkgs/wsl-ssh-agent-relay/wsl-ssh-agent-relay

@@ -0,0 +1,180 @@
+#!/bin/bash
+
+#### Add following lines to your shell rc file (.zshrc .bashrc)
+# ${HOME}/.local/bin/wsl-ssh-agent-relay start
+# export SSH_AUTH_SOCK=${HOME}/.ssh/wsl-ssh-agent.sock
+
+# If you do not want the ssh agent relay require your ssh agent
+# to be running at the time relay is started add the option -s
+# to wsl-ssh-agent-relay.
+
+# For debugging startup problems uncomment next line
+# exec 2> >(tee -a -i "$HOME/error.log")
+
+#### Assuming ~/winhome links to %USERPROFILE on Windows side
+RELAY_BIN="npiperelay.exe"
+
+PIDFILE="${HOME}/.ssh/wsl-ssh-agent-relay.pid"
+WSL_AGENT_SSH_SOCK="${HOME}/.ssh/wsl-ssh-agent.sock"
+
+log() {
+    echo >&2 "$@"
+}
+
+is_pid_running() {
+    if [[ -z "$1" ]]; then
+        return 1
+    fi
+    ps -p "$1" >/dev/null
+    return $?
+}
+
+_cleanup() {
+    log "Cleaning up relay to ${WSL_AGENT_SSH_SOCK}..."
+    if is_pid_running "${SOCAT_WSL_AGENT_SSH_PID}"; then
+        kill -SIGTERM "${SOCAT_WSL_AGENT_SSH_PID}" || log "Failed."
+    fi
+}
+
+die() {
+    if [[ -n "$1" ]]; then
+        log "$1"
+    fi
+    log "Exiting."
+    exit 1
+}
+
+usage() {
+    log "Usage: wsl-ssh-agent-relay [OPTIONS] COMMAND"
+    log ""
+    log "  SUMMARY: Relay Windows openssh named pipe to local SSH socket in order to integrate WSL2 and host."
+    log "           To debug use foreground command"
+    log ""
+    log "  OPTIONS:"
+    log "    -h|--help          this page"
+    log ""
+    log "    -v|--verbose       verbose mode"
+    log ""
+    log "    -s|--skip-test     skip ssh-agent communication test"
+    log ""
+    log "  COMMAND: start, stop, foreground"
+}
+
+fg_opts() {
+    FG_OPTS=()
+    # Generate opts for passing it to foreground version
+    if [[ -n "$VERBOSE" ]]; then
+        FG_OPTS+=("-v")
+    fi
+    if [[ -n "$NO_COM_TEST" ]]; then
+        FG_OPTS+=("-c")
+    fi
+}
+
+main() {
+
+    POSITIONAL=()
+    VERBOSE=""
+    SKIP_SSH_TEST=""
+    while (($# > 0)); do
+        case "$1" in
+        -v | --verbose)
+            VERBOSE="ENABLED"
+            shift # shift once since flags have no values
+            ;;
+
+        -s | --skip-test)
+            SKIP_SSH_TEST="TRUE"
+            shift
+            ;;
+
+        -h | --help)
+            usage
+            exit 0
+            ;;
+
+        *) # unknown flag/switch
+            POSITIONAL+=("$1")
+            shift
+            if [[ "${#POSITIONAL[@]}" -gt 1 ]]; then
+                usage
+                die
+            fi
+            ;;
+        esac
+    done
+
+    set -- "${POSITIONAL[@]}" # restore positional params
+
+    if [[ -z "$VERBOSE" ]]; then
+        QUIET="QUIET"
+    fi
+
+    case "${POSITIONAL[0]}" in
+    start)
+        fg_opts
+        start-stop-daemon --start --oknodo --pidfile "${PIDFILE}" --name wsl-ssh-agent-r --make-pidfile --background --startas "$0" ${VERBOSE:+--verbose} ${QUIET:+--quiet} -- foreground "${FG_OPTS[@]}"
+        ;;
+
+    stop)
+        start-stop-daemon --pidfile "${PIDFILE}" --stop --remove-pidfile ${VERBOSE:+--verbose} ${QUIET:+--quiet}
+        ;;
+
+    status)
+        start-stop-daemon --pidfile "${PIDFILE}" --status ${VERBOSE:+--verbose} ${QUIET:+--quiet}
+        local result=$?
+        case $result in
+        0) log "$0 is running" ;;
+        1 | 3) log "$0 is not running" ;;
+        4) log "$0 unable to determine status" ;;
+        esac
+        return $result
+        ;;
+
+    foreground)
+        relay
+        ;;
+
+    *)
+        usage
+        die
+        ;;
+    esac
+}
+
+relay() {
+
+    trap _cleanup EXIT
+
+    [[ -f "${RELAY_BIN}" ]] || die "Unable to access ${RELAY_BIN}"
+
+    if pgrep -fx "^ssh-agent\s.+" >/dev/null; then
+        log "Killing previously started local ssh-agent..."
+        SSH_AGENT_PID="$(pidof ssh-agent)" ssh-agent -k >/dev/null 2>&1
+    fi
+
+    if [ -e "${WSL_AGENT_SSH_SOCK}" ]; then
+        log "WSL has been shutdown ungracefully, leaving garbage behind"
+        rm "${WSL_AGENT_SSH_SOCK}"
+    fi
+
+    socat UNIX-LISTEN:"\"${WSL_AGENT_SSH_SOCK}\"",fork EXEC:"\"\'${RELAY_BIN}\' -ei -s \'//./pipe/openssh-ssh-agent\'\"",nofork 1>/dev/null 2>&1 &
+    SOCAT_WSL_AGENT_SSH_PID="$!"
+    if ! is_pid_running "${SOCAT_WSL_AGENT_SSH_PID}"; then
+        log "Relay for ${SOCAT_WSL_AGENT_SSH_PID} failed"
+        return 1
+    fi
+    log "Relay is running with PID: ${SOCAT_WSL_AGENT_SSH_PID}"
+
+    if [[ -z "$SKIP_SSH_TEST" ]]; then
+        log -n "Polling remote ssh-agent..."
+        SSH_AUTH_SOCK="${WSL_AGENT_SSH_SOCK}" ssh-add -L >/dev/null 2>&1 || die "[$?] Failure communicating with ssh-agent"
+        log "OK"
+    fi
+
+    # Everything necessary checks, we are ready for actions
+    log "Entering wait..."
+    wait ${SOCAT_WSL_AGENT_SSH_PID}
+}
+
+main "$@"