diff options
| author | Nikolay Amiantov <ab@fmap.me> | 2016-09-20 12:04:48 +0300 |
|---|---|---|
| committer | Nikolay Amiantov <ab@fmap.me> | 2016-09-20 12:16:10 +0300 |
| commit | 00f444d0c1dc8f8461f156cd30db628a5108e4b5 (patch) | |
| tree | a1767a83ec9cfa11e7b2604e617998f7c3eb70bc /nixos/modules/system/boot/initrd-ssh.nix | |
| parent | febb35bd03657bfd064cea56567331540ade3f39 (diff) | |
| download | nixpkgs-00f444d0c1dc8f8461f156cd30db628a5108e4b5.tar nixpkgs-00f444d0c1dc8f8461f156cd30db628a5108e4b5.tar.gz nixpkgs-00f444d0c1dc8f8461f156cd30db628a5108e4b5.tar.bz2 nixpkgs-00f444d0c1dc8f8461f156cd30db628a5108e4b5.tar.lz nixpkgs-00f444d0c1dc8f8461f156cd30db628a5108e4b5.tar.xz nixpkgs-00f444d0c1dc8f8461f156cd30db628a5108e4b5.tar.zst nixpkgs-00f444d0c1dc8f8461f156cd30db628a5108e4b5.zip | |
initrd-ssh service: check that authorized keys are added
Diffstat (limited to 'nixos/modules/system/boot/initrd-ssh.nix')
| -rw-r--r-- | nixos/modules/system/boot/initrd-ssh.nix | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index bc899984c57..a8c7d4b3ee5 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -85,10 +85,14 @@ in }; config = mkIf (config.boot.initrd.network.enable && cfg.enable) { - assertions = [ { - assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; - message = "You should specify at least one host key for initrd SSH"; - } ]; + assertions = [ + { assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; + message = "You should specify at least one host key for initrd SSH"; + } + { assertion = cfg.authorizedKeys != []; + message = "You should specify at least one authorized key for initrd SSH"; + } + ]; boot.initrd.extraUtilsCommands = '' copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear |