cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #150270 from amarshall/ssh-askpass-enable

Browse source 
nixos/ssh: Add enableAskPassword
This commit is contained in:
Janne Heß 2021-12-18 20:48:52 +01:00 committed by GitHub
commit 06be2a9256
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View file

@ -167,6 +167,16 @@
using this default will print a warning when rebuilt. using this default will print a warning when rebuilt.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The option
<link linkend="opt-services.ssh.enableAskPassword">services.ssh.enableAskPassword</link>
was added, decoupling the setting of
<literal>SSH_ASKPASS</literal> from
<literal>services.xserver.enable</literal>. This allows easy
usage in non-X11 environments, e.g. Wayland.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>

6
nixos/doc/manual/release-notes/rl-2205.section.md
View file

@ -68,3 +68,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11. - The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
Configurations using this default will print a warning when rebuilt. Configurations using this default will print a warning when rebuilt.
- The option
[services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
added, decoupling the setting of `SSH_ASKPASS` from
`services.xserver.enable`. This allows easy usage in non-X11 environments,
e.g. Wayland.

11
nixos/modules/programs/ssh.nix
View file

@ -33,6 +33,13 @@ in
programs.ssh = { programs.ssh = {
enableAskPassword = mkOption {
type = types.bool;
default = config.services.xserver.enable;
defaultText = literalExpression "config.services.xserver.enable";
description = "Whether to configure SSH_ASKPASS in the environment.";
};
askPassword = mkOption { askPassword = mkOption {
type = types.str; type = types.str;
default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"; default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
@ -287,7 +294,7 @@ in
# Allow ssh-agent to ask for confirmation. This requires the # Allow ssh-agent to ask for confirmation. This requires the
# unit to know about the user's $DISPLAY (via systemctl # unit to know about the user's $DISPLAY (via systemctl
# import-environment). # import-environment).
environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper; environment.SSH_ASKPASS = optionalString cfg.enableAskPassword askPasswordWrapper;
environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
}; };
@ -298,7 +305,7 @@ in
fi fi
''; '';
environment.variables.SSH_ASKPASS = optionalString config.services.xserver.enable askPassword; environment.variables.SSH_ASKPASS = optionalString cfg.enableAskPassword askPassword;
}; };
} }