diff options
Diffstat (limited to 'nixos/modules/programs/ssh.nix')
| -rw-r--r-- | nixos/modules/programs/ssh.nix | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 27db667e4402..005c77d255cb 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -47,7 +47,20 @@ in for help. ''; }; + + startAgent = mkOption { + type = types.bool; + default = true; + description = '' + Whether to start the OpenSSH agent when you log in. The OpenSSH agent + remembers private keys for you so that you don't have to type in + passphrases every time you make an SSH connection. Use + <command>ssh-add</command> to add a key to the agent. + ''; + }; + }; + }; config = { @@ -71,5 +84,25 @@ in target = "ssh/ssh_config"; } ]; + + # FIXME: this should really be socket-activated for über-awesomeness. + systemd.user.services.ssh-agent = + { enable = cfg.startAgent; + description = "SSH Agent"; + wantedBy = [ "default.target" ]; + serviceConfig = + { ExecStart = "${pkgs.openssh}/bin/ssh-agent -a %t/ssh-agent"; + Type = "forking"; + Restart = "on-failure"; + }; + }; + + environment.extraInit = optionalString cfg.startAgent + '' + if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then + export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent" + fi + ''; + }; } |