Use ssh-agent for distributed builds

## Is your feature request related to a problem?

I may be holding it wrong, but:

Running distributed builds with an encrypted private key seems to be impossible currently. Nix apparently takes the key file verbatim and doesn't ask the agent, and SSH's password prompt fails with

```
debug1: read_passphrase: can't open /dev/tty: No such device or address
```

Related: https://github.com/NixOS/nix/issues/5133 

## Proposed solution

What *should* be possible is adding an encrypted key to `ssh-agent` and sharing the agent's socket with the `root` user. Then Nix must consult the agent to unlock the key.

## Alternative solutions

As a workaround, do all sorts of stuff where keeping an unecrypted key around in `/root/.ssh` is unproblematic.

## Additional context

Getting remote builds to work is a problem I had since my beginnings of using Nix, and I have strong anecdotal evidence that it's still a very important feature for new users.

https://nix.dev/tutorials/nixos/distributed-builds-setup

## Checklist



- [x] checked [latest Nix manual] \([source])
- [x] checked [open feature issues and pull requests] for possible duplicates

[latest Nix manual]: https://nixos.org/manual/nix/unstable/
[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
[open feature issues and pull requests]: https://github.com/NixOS/nix/labels/feature

---

Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use ssh-agent for distributed builds #11987

Is your feature request related to a problem?

Proposed solution

Alternative solutions

Additional context

Checklist

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development