get ssh socket in prod

panel/nix/configuration.nix

@@ -159,16 +159,14 @@ in
       };
     };
 
-    users.users.${name} = {
-      isNormalUser = true;
-    };
+    users.users.${name}.isNormalUser = true;
 
-    users.groups.${name} = { };
     systemd.services.${name} = {
       description = "${name} ASGI server";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
       path = [
+        pkgs.openssh
         python-environment
         manage-service
       ];
@@ -187,7 +185,7 @@ in
       '';
       serviceConfig = {
         Restart = "always";
-        User = "root";
+        User = name;
         WorkingDirectory = "/var/lib/${name}";
         StateDirectory = name;
         RuntimeDirectory = name;

panel/src/panel/settings.py

@@ -251,6 +251,11 @@ bin_path=env['BIN_PATH']
 # to deploy this should be specified, for dev just use a relative path.
 repo_dir = env["REPO_DIR"]
 
+output = subprocess.run(["ssh-agent"], capture_output=True, text=True, env={"PATH": bin_path}).stdout
+ssh_auth_sock = re.search("(?<==)([^;]*)", output)[1]
 ENV_VARS = {
     "ssh_private_key_file": env["SSH_PRIVATE_KEY_FILE"],
+    "deploy_environment": {
+        "SSH_AUTH_SOCK": ssh_auth_sock,
+    },
 }