qusal/salt/sys-ssh-agent/files/server/bin/qvm-ssh-agent

#!/bin/sh

# SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

set -eu

service="qusal-ssh-agent"

usage(){
  printf '%s\n' "Usage: ${0##*/} [ls|add] <AGENT>
  ls: list agent(s)
  add: add keys to agent(s)
  reload: reload/re-add keys from agent(s)
Example:
  ${0##*/} ls work      # list the work agent keys
  ${0##*/} add work     # add keys to the work agent
  ${0##*/} reload work  # reload/re-add keys from the work agent"
  exit 1
}

ls_agent(){
  socket="/tmp/${service}/${agent}.sock"
  test -S "${socket}" || return 1
  agent="$(printf '%s\n' "${socket}" | sed -e "s|.*${service}/||;s/\.sock//")"
  printf '%s\n' "Agent: (${agent}) ${socket}"
  SSH_AUTH_SOCK="${socket}" ssh-add -l || true
}

add_agent(){
  # shellcheck disable=SC2174
  mkdir -m 0700 -p -- "/tmp/${service}"
  dir="${HOME}/.ssh/identities.d/${agent}"
  if ! test -d "${dir}"; then
    printf '%s\n' "Directory not found: ${dir}" >&2
    return 1
  fi
  dir="${dir##*/}"
  socket="/tmp/${service}/${dir}.sock"
  if ! test -S "${socket}"; then
    reload_agent=1
    ssh-agent -a "/tmp/${service}/${agent}.sock"
  fi
  if ! test "${reload_agent}" = "1"; then
    return
  fi
  keys="$(grep -sl -e "-----BEGIN OPENSSH PRIVATE KEY-----" \
          -- "${HOME}/.ssh/identities.d/${dir}"/* || true)"
  if test -z "${keys}"; then
    printf '%s\n' "Directory has no key: ${dir}" >&2
    return 1
  fi
  SSH_AUTH_SOCK="${socket}" ssh-add -D 2>/dev/null || true
  for k in $(printf '%s\n' "${keys}"); do
    test -f "${k}" || continue
    ssh_add_option=""
    if test -f "${k}.ssh-add-option"; then
      ssh_add_option="$(cat -- "${k}.ssh-add-option")"
    fi
    # shellcheck disable=SC2086
    SSH_AUTH_SOCK="${socket}" ssh-add ${ssh_add_option} -- "${k}"
  done
}

test -z "${2-}" && usage
action="${1-}"
agent="${2-}"
reload_agent=""

case "${action}" in
  ls) ls_agent;;
  add) add_agent;;
  reload) reload_agent="1"; add_agent;;
  *) usage;;
esac