Merge pull request #150270 from amarshall/ssh-askpass-enable
nixos/ssh: Add enableAskPassword
This commit is contained in:
commit
06be2a9256
3 changed files with 25 additions and 2 deletions
|
@ -167,6 +167,16 @@
|
|||
using this default will print a warning when rebuilt.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The option
|
||||
<link linkend="opt-services.ssh.enableAskPassword">services.ssh.enableAskPassword</link>
|
||||
was added, decoupling the setting of
|
||||
<literal>SSH_ASKPASS</literal> from
|
||||
<literal>services.xserver.enable</literal>. This allows easy
|
||||
usage in non-X11 environments, e.g. Wayland.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -68,3 +68,9 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
|
||||
Configurations using this default will print a warning when rebuilt.
|
||||
|
||||
- The option
|
||||
[services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
|
||||
added, decoupling the setting of `SSH_ASKPASS` from
|
||||
`services.xserver.enable`. This allows easy usage in non-X11 environments,
|
||||
e.g. Wayland.
|
||||
|
|
|
@ -33,6 +33,13 @@ in
|
|||
|
||||
programs.ssh = {
|
||||
|
||||
enableAskPassword = mkOption {
|
||||
type = types.bool;
|
||||
default = config.services.xserver.enable;
|
||||
defaultText = literalExpression "config.services.xserver.enable";
|
||||
description = "Whether to configure SSH_ASKPASS in the environment.";
|
||||
};
|
||||
|
||||
askPassword = mkOption {
|
||||
type = types.str;
|
||||
default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
|
||||
|
@ -287,7 +294,7 @@ in
|
|||
# Allow ssh-agent to ask for confirmation. This requires the
|
||||
# unit to know about the user's $DISPLAY (via ‘systemctl
|
||||
# import-environment’).
|
||||
environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper;
|
||||
environment.SSH_ASKPASS = optionalString cfg.enableAskPassword askPasswordWrapper;
|
||||
environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
|
||||
};
|
||||
|
||||
|
@ -298,7 +305,7 @@ in
|
|||
fi
|
||||
'';
|
||||
|
||||
environment.variables.SSH_ASKPASS = optionalString config.services.xserver.enable askPassword;
|
||||
environment.variables.SSH_ASKPASS = optionalString cfg.enableAskPassword askPassword;
|
||||
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue