From 00f444d0c1dc8f8461f156cd30db628a5108e4b5 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Tue, 20 Sep 2016 12:04:48 +0300
Subject: initrd-ssh service: check that authorized keys are added

---
 nixos/modules/system/boot/initrd-ssh.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'nixos/modules')

diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix
index bc899984c57d..a8c7d4b3ee5e 100644
--- a/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixos/modules/system/boot/initrd-ssh.nix
@@ -85,10 +85,14 @@ in
   };
 
   config = mkIf (config.boot.initrd.network.enable && cfg.enable) {
-    assertions = [ {
-      assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null;
-      message = "You should specify at least one host key for initrd SSH";
-    } ];
+    assertions = [
+      { assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null;
+        message = "You should specify at least one host key for initrd SSH";
+      }
+      { assertion = cfg.authorizedKeys != [];
+        message = "You should specify at least one authorized key for initrd SSH";
+      }
+    ];
 
     boot.initrd.extraUtilsCommands = ''
       copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear
-- 
cgit 1.4.1