nixos/ssh: Add enableAskPassword

Previously, this was only implicitly enabled if xserver.enable = true.
However, Wayland-based desktops do not require this, and so configuring
SSH_ASKPASS on a Wayland desktop becomes cumbersome. This simplifies
that by adding a new option that defaults to the old conditional.
This commit is contained in:
Andrew Marshall 2021-12-11 11:13:50 -05:00
parent 75df464afc
commit f10aea2434
3 changed files with 25 additions and 2 deletions

View File

@ -167,6 +167,16 @@
using this default will print a warning when rebuilt.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-services.ssh.enableAskPassword">services.ssh.enableAskPassword</link>
was added, decoupling the setting of
<literal>SSH_ASKPASS</literal> from
<literal>services.xserver.enable</literal>. This allows easy
usage in non-X11 environments, e.g. Wayland.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View File

@ -68,3 +68,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
Configurations using this default will print a warning when rebuilt.
- The option
[services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
added, decoupling the setting of `SSH_ASKPASS` from
`services.xserver.enable`. This allows easy usage in non-X11 environments,
e.g. Wayland.

View File

@ -33,6 +33,13 @@ in
programs.ssh = {
enableAskPassword = mkOption {
type = types.bool;
default = config.services.xserver.enable;
defaultText = literalExpression "config.services.xserver.enable";
description = "Whether to configure SSH_ASKPASS in the environment.";
};
askPassword = mkOption {
type = types.str;
default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
@ -287,7 +294,7 @@ in
# Allow ssh-agent to ask for confirmation. This requires the
# unit to know about the user's $DISPLAY (via systemctl
# import-environment).
environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper;
environment.SSH_ASKPASS = optionalString cfg.enableAskPassword askPasswordWrapper;
environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
};
@ -298,7 +305,7 @@ in
fi
'';
environment.variables.SSH_ASKPASS = optionalString config.services.xserver.enable askPassword;
environment.variables.SSH_ASKPASS = optionalString cfg.enableAskPassword askPassword;
};
}