From 5740b583a45797f859dffee5aaad70cc6109371d Mon Sep 17 00:00:00 2001
From: Christian Busch <chris@debilux.org>
Date: Thu, 12 Feb 2026 21:31:04 +0100
Subject: [PATCH] SSH: Optimized key loading

---
 .config/zsh/conf.d/30-ssh-agent.zsh | 42 +++++++++++++++++++++++++++++
 .ssh/conf.d/.gitignore              |  0
 .ssh/config                         |  4 +++
 3 files changed, 46 insertions(+)
 create mode 100644 .config/zsh/conf.d/30-ssh-agent.zsh
 create mode 100644 .ssh/conf.d/.gitignore

diff --git a/.config/zsh/conf.d/30-ssh-agent.zsh b/.config/zsh/conf.d/30-ssh-agent.zsh
new file mode 100644
index 0000000..b5c6e05
--- /dev/null
+++ b/.config/zsh/conf.d/30-ssh-agent.zsh
@@ -0,0 +1,42 @@
+## SSH Agent - Load all keys from ~/.ssh/keys/ on startup
+
+# On macOS, use the system keychain ssh-agent
+if [[ "$OSTYPE" == darwin* ]]; then
+    # macOS uses a system-wide ssh-agent
+    # Just add keys if they're not already loaded
+    if [[ -d "$HOME/.ssh/keys" ]]; then
+        for key in "$HOME/.ssh/keys"/*; do
+            # Skip .pub files and non-existent files
+            [[ "$key" == *.pub ]] && continue
+            [[ ! -f "$key" ]] && continue
+            
+            # Check if key is already in agent
+            if ! ssh-add -l 2>/dev/null | grep -q "$(ssh-keygen -lf "$key" 2>/dev/null | awk '{print $2}')"; then
+                # Add key to agent (macOS will use keychain)
+                ssh-add --apple-use-keychain "$key" 2>/dev/null
+            fi
+        done
+    fi
+else
+    # Linux/BSD: Start ssh-agent if not running
+    if ! pgrep -u "$USER" ssh-agent > /dev/null; then
+        ssh-agent -t 1h > "$HOME/.ssh-agent.env"
+    fi
+    
+    # Source ssh-agent environment
+    if [[ ! -S ~/.ssh/ssh_auth_sock && -f "$HOME/.ssh-agent.env" ]]; then
+        source "$HOME/.ssh-agent.env" >/dev/null
+    fi
+    
+    # Add all private keys from ~/.ssh/keys/
+    if [[ -d "$HOME/.ssh/keys" ]]; then
+        for key in "$HOME/.ssh/keys"/*; do
+            [[ "$key" == *.pub ]] && continue
+            [[ ! -f "$key" ]] && continue
+            
+            if ! ssh-add -l 2>/dev/null | grep -q "$(ssh-keygen -lf "$key" 2>/dev/null | awk '{print $2}')"; then
+                ssh-add -t 1h "$key" 2>/dev/null
+            fi
+        done
+    fi
+fi
diff --git a/.ssh/conf.d/.gitignore b/.ssh/conf.d/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/.ssh/config b/.ssh/config
index 0e3bcb4..9078271 100644
--- a/.ssh/config
+++ b/.ssh/config
@@ -3,6 +3,10 @@ ControlMaster auto
 ControlPath ~/.ssh/master/control-%h-%p-%r
 ControlPersist 600
 
+## Use macOS keychain for SSH keys
+AddKeysToAgent yes
+UseKeychain yes
+
 ## Disbale GSSAPI authentication to speedup connecting
 GSSAPIAuthentication=no