authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-02-25 14:29:24 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-02-25 14:31:17 +0100
commit36d0f367defd885e7bdaf3833758b6fd76c072d4 (patch)
tree0d2e00dea59833cebda4de1fce5a0fa9c7b0b53a /nixos/modules
parent93902ea1086d72776677d10a453fe5577022f851 (diff)
ssh-agent: Fix asking for confirmation via $SSH_ASKPASS
This was lost back in
ffedee6ed523864dd5f871ffd85e3c2099d579a2. Getting this to work is
slightly tricky because ssh-agent runs as a user unit, and so doesn't
know the user's $DISPLAY.
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/programs/ssh.nix25
-rw-r--r--nixos/modules/services/x11/display-managers/default.nix4
2 files changed, 27 insertions, 2 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 796740ea636a..bd9b897158dc 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -4,8 +4,19 @@
 
 with lib;
 
-let cfg  = config.programs.ssh;
-    cfgd = config.services.openssh;
+let
+
+  cfg  = config.programs.ssh;
+  cfgd = config.services.openssh;
+
+  askPassword = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
+
+  askPasswordWrapper = pkgs.writeScript "ssh-askpass-wrapper"
+    ''
+      #! ${pkgs.stdenv.shell} -e
+      export DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')"
+      exec ${askPassword}
+    '';
 
 in
 {
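Review bot: In `askPasswordWrapper`, `systemctl` on the `export DISPLAY=` line is resolved through PATH while `sed` is pinned to a store path. The script that fronts ssh-agent's key-use confirmation therefore depends on whatever PATH the user unit happens to have. Pin it the way the display-manager hunk in this commit does: `export DISPLAY="$(${config.systemd.package}/bin/systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')"`. The shebang's `-e` also does not cover a command substitution inside `export`, so a failed lookup or a missing DISPLAY entry silently yields `DISPLAY=""`. The askpass program then presumably fails and the agent refuses the request; add a comment such as `# An empty DISPLAY makes askpass fail, which denies the confirmation request.` if that fail-closed behaviour is intended.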
@@ -117,6 +128,11 @@ in
             Restart = "on-failure";
             SuccessExitStatus = "0 2";
           };
+        # Allow ssh-agent to ask for confirmation. This requires the
+        # unit to know about the user's $DISPLAY (via ‘systemctl
+        # import-environment’).
+        environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper;
+        environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
       };
 
     environment.extraInit = optionalString cfg.startAgent
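Review bot: `environment.DISPLAY = "fake"` is set unconditionally, while `environment.SSH_ASKPASS` on the line above becomes an empty string when `services.xserver.enable` is false. On a headless system the agent then has a DISPLAY but an empty askpass path. Confirmation requests would presumably fail rather than be skipped, but the two settings are meant to travel together and should share one condition, for example `environment = optionalAttrs config.services.xserver.enable { SSH_ASKPASS = askPasswordWrapper; DISPLAY = "fake"; };`, provided nothing else in the unit sets `environment` (the unit definition starts outside this hunk). The trailing comment could also state that the placeholder is never used to open a display, since the wrapper substitutes the real value at prompt time.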
@@ -126,5 +142,10 @@ in
         fi
       '';
 
+    environment.interactiveShellInit = optionalString config.services.xserver.enable
+      ''
+        export SSH_ASKPASS=${askPassword}
+      '';
+
   };
 }
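Review bot: The `export SSH_ASKPASS=${askPassword}` line in `environment.interactiveShellInit` overwrites any SSH_ASKPASS already in the environment of every interactive shell, so a user or desktop session that configured a different askpass program loses it. Guarding the assignment keeps the default without clobbering an existing choice: `if [ -z "$SSH_ASKPASS" ]; then export SSH_ASKPASS=${askPassword}; fi`.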
diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix
index 601971d27b69..ea45dabd1257 100644
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@@ -89,6 +89,10 @@ let
         ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
       ''}
 
+      # Tell systemd about our $DISPLAY. This is needed by the
+      # ssh-agent unit.
+      ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY
+
       # Load X defaults.
       ${xorg.xrdb}/bin/xrdb -merge ${xresourcesXft}
       if test -e ~/.Xresources; then
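Review bot: The `systemctl --user import-environment DISPLAY` line writes into the user manager's environment, which is shared by all of that user's sessions. With two X sessions for one user, the session that started last decides where ssh-agent's confirmation prompt appears, and that may not be the display the user is sitting at. The comment above the line should say so, for example `# Note: the user manager is per-user, so the most recently started session's $DISPLAY wins.` Only DISPLAY is imported; if the session uses a non-default XAUTHORITY, the askpass program started from the unit may be unable to connect, so `import-environment DISPLAY XAUTHORITY` is worth considering. The surrounding session script starts and ends outside this hunk, so whether a failure of this command aborts the session cannot be told from here.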