diff options
Diffstat (limited to 'nixos/modules/system')
-rw-r--r-- | nixos/modules/system/activation/activation-script.nix | 4 | ||||
-rw-r--r-- | nixos/modules/system/boot/initrd-ssh.nix | 12 |
2 files changed, 10 insertions, 6 deletions
diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index 60298362d767..4c3d30e346c5 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -142,10 +142,10 @@ in # Empty, immutable home directory of many system accounts. mkdir -p /var/empty # Make sure it's really empty - ${pkgs.e2fsprogs}/bin/chattr -i /var/empty + ${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true find /var/empty -mindepth 1 -delete chmod 0555 /var/empty - ${pkgs.e2fsprogs}/bin/chattr +i /var/empty + ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true ''; system.activationScripts.usrbinenv = if config.environment.usrbinenv != null diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index bc899984c57d..a8c7d4b3ee5e 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -85,10 +85,14 @@ in }; config = mkIf (config.boot.initrd.network.enable && cfg.enable) { - assertions = [ { - assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; - message = "You should specify at least one host key for initrd SSH"; - } ]; + assertions = [ + { assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; + message = "You should specify at least one host key for initrd SSH"; + } + { assertion = cfg.authorizedKeys != []; + message = "You should specify at least one authorized key for initrd SSH"; + } + ]; boot.initrd.extraUtilsCommands = '' copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear |