author | Alyssa Ross <hi@alyssa.is> | 2019-08-14 00:20:49 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-08-14 00:23:16 +0000 |
commit | 4999a38db7c5de0ea9f514a12ecd4133cce647f3 (patch) | |
tree | bbb659ab07fda4c9b98053499b7e3f046ac6d5dc /nixpkgs/nixos/modules/programs/ssh.nix | |
parent | f9abd30e11337cf07034f2cc8ad1691aa4a69386 (diff) | |
parent | 8746c77a383f5c76153c7a181f3616d273acfa2a (diff) | |
Merge commit '8746c77a383f5c76153c7a181f3616d273acfa2a'
Diffstat (limited to 'nixpkgs/nixos/modules/programs/ssh.nix')
-rw-r--r-- | nixpkgs/nixos/modules/programs/ssh.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/nixpkgs/nixos/modules/programs/ssh.nix b/nixpkgs/nixos/modules/programs/ssh.nix
index 46965dd35b71..733b8f7636fd 100644
--- a/nixpkgs/nixos/modules/programs/ssh.nix
+++ b/nixpkgs/nixos/modules/programs/ssh.nix
@@ -21,7 +21,7 @@ let
 knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
 (h: assert h.hostNames != [];
- concatStringsSep "," h.hostNames + " "
+ optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
 + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
 )) + "\n";
@@ -128,6 +128,14 @@ in
 default = {};
 type = types.loaOf (types.submodule ({ name, ... }: {
 options = {
+ certAuthority = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ This public key is an SSH certificate authority, rather than an
+ individual host's key.
+ '';
+ };
 hostNames = mkOption {
 type = types.listOf types.str;
 default = [];
@@ -227,6 +235,7 @@ in
 systemd.user.services.ssh-agent = mkIf cfg.startAgent {
 description = "SSH Agent";
 wantedBy = [ "default.target" ];
+ unitConfig.ConditionUser = "!@system";
 serviceConfig = {
 ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
 ExecStart =
 |
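Review bot: The `certAuthority` description in the second hunk does not say that, once the flag is set, `hostNames` stops naming one machine and becomes the set of host patterns for which any certificate signed by this key is accepted. That is a much wider grant of trust than a single pinned host key, and a wildcard entry extends it to every matching host. I would add a sentence to the description such as `hostNames then lists the host patterns for which certificates signed by this key are trusted; keep them as narrow as possible.` The surrounding submodule `options` block starts and ends outside the hunk, so whether `hostNames` is documented that way elsewhere cannot be seen from here.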
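Review bot: The added `unitConfig.ConditionUser = "!@system";` in the third hunk carries no comment, so a later reader cannot tell why the agent is skipped for some user managers. A one-line comment above it would do, for example `# Skip system accounts: only regular login users need an ssh-agent socket in their runtime directory.` Because this is a condition, the unit is skipped quietly rather than failing, which is worth stating too, since a missing agent for a system account will not show up as an error. The unit definition continues past the end of the hunk.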