Merge pull request #276499 from nbraud/nixos/pam/ssh-agent-auth
nixos/pam: Add assertion for SSH-agent auth
This commit is contained in:
Maciej Krüger
GitHub
commit
c931d73fba
2 changed files with 10 additions and 0 deletions
|
|
@ -95,6 +95,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
||||||
|
|
||||||
- `systemd.oomd.enableUserServices` is renamed to `systemd.oomd.enableUserSlices`.
|
- `systemd.oomd.enableUserServices` is renamed to `systemd.oomd.enableUserSlices`.
|
||||||
|
|
||||||
|
- `security.pam.enableSSHAgentAuth` now requires `services.openssh.authorizedKeysFiles` to be non-empty,
|
||||||
|
which is the case when `services.openssh.enable` is true. Previously, `pam_ssh_agent_auth` silently failed to work.
|
||||||
|
|
||||||
## Other Notable Changes {#sec-release-24.05-notable-changes}
|
## Other Notable Changes {#sec-release-24.05-notable-changes}
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
|
||||||
|
|
@ -1456,6 +1456,13 @@ in
|
||||||
`security.pam.zfs.enable` requires enabling ZFS (`boot.zfs.enabled` or `boot.zfs.enableUnstable`).
|
`security.pam.zfs.enable` requires enabling ZFS (`boot.zfs.enabled` or `boot.zfs.enableUnstable`).
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
assertion = config.security.pam.enableSSHAgentAuth -> config.services.openssh.authorizedKeysFiles != [];
|
||||||
|
message = ''
|
||||||
|
`security.pam.enableSSHAgentAuth` requires `services.openssh.authorizedKeysFiles` to be a non-empty list.
|
||||||
|
Did you forget to set `services.openssh.enable` ?
|
||||||
|
'';
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages =
|
environment.systemPackages =
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue