Diffstat (limited to 'nixos/modules/programs/ssh.nix')
-rw-r--r-- | nixos/modules/programs/ssh.nix | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 796740ea636a..bd9b897158dc 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -4,8 +4,19 @@
 with lib;
-let cfg = config.programs.ssh;
- cfgd = config.services.openssh;
+let
+
+ cfg = config.programs.ssh;
+ cfgd = config.services.openssh;
+
+ askPassword = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
+
+ askPasswordWrapper = pkgs.writeScript "ssh-askpass-wrapper"
+ ''
+ #! ${pkgs.stdenv.shell} -e
+ export DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')"
+ exec ${askPassword}
+ '';
 in
 {
@@ -117,6 +128,11 @@ in
 Restart = "on-failure";
 SuccessExitStatus = "0 2";
 };
+ # Allow ssh-agent to ask for confirmation. This requires the
+ # unit to know about the user's $DISPLAY (via ‘systemctl
+ # import-environment’).
+ environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper;
+ environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
 };
 environment.extraInit = optionalString cfg.startAgent
@@ -126,5 +142,10 @@ in
 fi
 '';
+ environment.interactiveShellInit = optionalString config.services.xserver.enable
+ ''
+ export SSH_ASKPASS=${askPassword}
+ '';
+
 };
 } |
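Review bot: In the `askPasswordWrapper` script, `systemctl` is looked up through the unit's PATH while `sed` and the askpass binary are pinned to store paths; the helper that displays key-use confirmation prompts should pin it as well, e.g. `${config.systemd.package}/bin/systemctl --user show-environment`. The `-e` on the shebang does not cover the lookup, because the command substitution is an argument to `export`, so a DISPLAY that was never imported reaches `x11-ssh-askpass` as an empty string with no diagnostic. A guard such as `[ -n "$DISPLAY" ] || { echo "ssh-askpass-wrapper: DISPLAY not imported" >&2; exit 1; }` before the `exec` would make a refused confirmation traceable in the journal. Only DISPLAY is copied from the user manager; if the session keeps its X authority file outside the default location the prompt presumably cannot open the display, so XAUTHORITY may need the same treatment.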
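Review bot: `environment.DISPLAY = "fake"` is set unconditionally, and with the X server disabled `optionalString` leaves `SSH_ASKPASS` as an empty string instead of unset, so a headless agent is told a prompt helper exists when none does. Guarding both together, `environment = optionalAttrs config.services.xserver.enable { SSH_ASKPASS = askPasswordWrapper; DISPLAY = "fake"; };`, leaves the unit environment untouched on such hosts. The added comment should also name which component is expected to run `systemctl --user import-environment DISPLAY`, since nothing in this hunk does, and keys added with confirmation will presumably be refused until it has run. The unit definition these lines belong to starts outside the hunk.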
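Review bot: The `interactiveShellInit` export overwrites whatever `SSH_ASKPASS` the user or desktop session already selected, and it runs in every interactive shell when `services.xserver.enable` is set, including remote logins that have no display. Preserving an existing value avoids silently replacing a user's chosen passphrase prompt: `export SSH_ASKPASS="''${SSH_ASKPASS:-${askPassword}}"`. Exposing the helper path as a module option instead of the fixed `askPassword` binding would also let other desktops substitute their own prompt program.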