To fix your TODO you can add something like this service in /etc/systemd/system/split-ssh.service
And enable it with systemctl enable split-ssh
#/etc/systemd/system/split-ssh.service
[Unit]
Description=Split ssh daemon
[Service]
Type=exec
Environment=SSH_VAULT_VM=ssh-vault
Environment=SSH_SOCK=/home/user/.SSH_AGENT_ssh-vault
User=user
ExecStartPre=rm -f $SSH_SOCK
ExecStart=/bin/sh -c 'umask 177 && socat "UNIX-LISTEN:$SSH_SOCK,fork" "EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent"'
[Install]
WantedBy=multi-user.target
To fix your TODO you can add something like this service in /etc/systemd/system/split-ssh.service
And enable it with
systemctl enable split-ssh