Merge pull request #276499 from nbraud/nixos/pam/ssh-agent-auth
nixos/pam: Add assertion for SSH-agent auth
commit
c931d73fba
2 changed files with 10 additions and 0 deletions
|
@ -95,6 +95,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
|
||||
- `systemd.oomd.enableUserServices` is renamed to `systemd.oomd.enableUserSlices`.
|
||||
|
||||
- `security.pam.enableSSHAgentAuth` now requires `services.openssh.authorizedKeysFiles` to be non-empty,
|
||||
which is the case when `services.openssh.enable` is true. Previously, `pam_ssh_agent_auth` silently failed to work.
|
||||
|
||||
## Other Notable Changes {#sec-release-24.05-notable-changes}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
|
|
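Review bot: The new `security.pam.enableSSHAgentAuth` entry states the requirement but not what happens when it is unmet. The same commit adds an assertion for it, so the note should say that configurations with an empty `services.openssh.authorizedKeysFiles` now fail at evaluation, where before `pam_ssh_agent_auth` silently did nothing. The entry also names `services.openssh.enable` as the only way to satisfy the requirement, while the assertion checks just the list. Consider adding that setting `services.openssh.authorizedKeysFiles` explicitly is enough, for users who want agent-based PAM authentication without an SSH daemon.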
@ -1456,6 +1456,13 @@ in
|
|||
`security.pam.zfs.enable` requires enabling ZFS (`boot.zfs.enabled` or `boot.zfs.enableUnstable`).
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = config.security.pam.enableSSHAgentAuth -> config.services.openssh.authorizedKeysFiles != [];
|
||||
message = ''
|
||||
`security.pam.enableSSHAgentAuth` requires `services.openssh.authorizedKeysFiles` to be a non-empty list.
|
||||
Did you forget to set `services.openssh.enable` ?
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages =
|
||||
|
|
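Review bot: The hint in the assertion message, "Did you forget to set `services.openssh.enable` ?", points users at enabling the OpenSSH daemon as the fix, although the condition only tests `config.services.openssh.authorizedKeysFiles != []`. A user who hits this on a machine that should not run sshd may enable a network-facing service just to satisfy a PAM option. I would reword the message to offer both remedies, for example "Set `services.openssh.authorizedKeysFiles`, or enable `services.openssh.enable`, which populates it." Minor style point on the same line: drop the space before the question mark.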