Merge pull request #150270 from amarshall/ssh-askpass-enable

nixos/ssh: Add enableAskPassword
Janne Heß 2021-12-18 20:48:52 +01:00 committed by GitHub
commit 06be2a9256
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 2 deletions


@ -167,6 +167,16 @@
using this default will print a warning when rebuilt.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-services.ssh.enableAskPassword">services.ssh.enableAskPassword</link>
was added, decoupling the setting of
<literal>SSH_ASKPASS</literal> from
<literal>services.xserver.enable</literal>. This allows easy
usage in non-X11 environments, e.g. Wayland.
</para>
</listitem>
</itemizedlist>
</section>
</section>


@ -68,3 +68,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
Configurations using this default will print a warning when rebuilt.
- The option
[services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
added, decoupling the setting of `SSH_ASKPASS` from
`services.xserver.enable`. This allows easy usage in non-X11 environments,
e.g. Wayland.


@ -33,6 +33,13 @@ in
programs.ssh = {
enableAskPassword = mkOption {
type = types.bool;
default = config.services.xserver.enable;
defaultText = literalExpression "config.services.xserver.enable";
description = "Whether to configure SSH_ASKPASS in the environment.";
};
askPassword = mkOption {
type = types.str;
default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
@ -287,7 +294,7 @@ in
# Allow ssh-agent to ask for confirmation. This requires the
# unit to know about the user's $DISPLAY (via systemctl
# import-environment).
environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper;
environment.SSH_ASKPASS = optionalString cfg.enableAskPassword askPasswordWrapper;
environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
};
@ -298,7 +305,7 @@ in
fi
'';
environment.variables.SSH_ASKPASS = optionalString config.services.xserver.enable askPassword;
environment.variables.SSH_ASKPASS = optionalString cfg.enableAskPassword askPassword;
};
}
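Review bot: The new option is declared inside `programs.ssh = {`, so its path is `programs.ssh.enableAskPassword`, but both release-note entries in this commit name and link it as `services.ssh.enableAskPassword` (`opt-services.ssh.enableAskPassword`), which this module does not define; the notes should use `programs.ssh.enableAskPassword`. The description also understates what the flag does, since it gates both the ssh-agent unit's `environment.SSH_ASKPASS` and `environment.variables.SSH_ASKPASS`; something like `description = "Whether to set SSH_ASKPASS for the session environment and the ssh-agent user unit.";` would say so. When the option is false the agent unit receives an empty `SSH_ASKPASS` while `DISPLAY = "fake"` stays set, so the confirmation prompt that the comment above it describes presumably cannot be shown; that is worth one sentence in the description. The enclosing attribute sets start and end outside the hunks shown.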