diff options
| author | Robin Gloster <mail@glob.in> | 2019-11-04 22:16:06 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-11-04 22:16:06 +0100 |
| commit | db502b034f4293ad66bef7136a401a2092a679ba (patch) | |
| tree | 276cf0b793b154c42ffaf303ff7445388621238f /nixos/modules/programs | |
| parent | fa7d7eb95bf1acec2b89140a6d1743e08510892a (diff) | |
| parent | 8120184bf176fc34707f4504c8d1d91716d1e22d (diff) | |
| download | nixpkgs-db502b034f4293ad66bef7136a401a2092a679ba.tar nixpkgs-db502b034f4293ad66bef7136a401a2092a679ba.tar.gz nixpkgs-db502b034f4293ad66bef7136a401a2092a679ba.tar.bz2 nixpkgs-db502b034f4293ad66bef7136a401a2092a679ba.tar.lz nixpkgs-db502b034f4293ad66bef7136a401a2092a679ba.tar.xz nixpkgs-db502b034f4293ad66bef7136a401a2092a679ba.tar.zst nixpkgs-db502b034f4293ad66bef7136a401a2092a679ba.zip | |
Merge pull request #71139 from philandstuff/ssh-agent-pkcs11-whitelist
ssh-agent: add agentPKCS11Whitelist option
Diffstat (limited to 'nixos/modules/programs')
| -rw-r--r-- | nixos/modules/programs/ssh.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 733b8f7636f..703975fd06c 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -115,6 +115,16 @@ in ''; }; + agentPKCS11Whitelist = mkOption { + type = types.nullOr types.str; + default = null; + example = "\${pkgs.opensc}/lib/opensc-pkcs11.so"; + description = '' + A pattern-list of acceptable paths for PKCS#11 shared libraries + that may be used with the -s option to ssh-add. + ''; + }; + package = mkOption { type = types.package; default = pkgs.openssh; @@ -241,6 +251,7 @@ in ExecStart = "${cfg.package}/bin/ssh-agent " + optionalString (cfg.agentTimeout != null) ("-t ${cfg.agentTimeout} ") + + optionalString (cfg.agentPKCS11Whitelist != null) ("-P ${cfg.agentPKCS11Whitelist} ") "-a %t/ssh-agent"; StandardOutput = "null"; Type = "forking"; |