diff options
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 10 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2205.section.md | 6 | ||||
-rw-r--r-- | nixos/modules/programs/ssh.nix | 11 |
3 files changed, 25 insertions, 2 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 716b91c3c53..52b2b38061f 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -167,6 +167,16 @@ using this default will print a warning when rebuilt. </para> </listitem> + <listitem> + <para> + The option + <link linkend="opt-services.ssh.enableAskPassword">services.ssh.enableAskPassword</link> + was added, decoupling the setting of + <literal>SSH_ASKPASS</literal> from + <literal>services.xserver.enable</literal>. This allows easy + usage in non-X11 environments, e.g. Wayland. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 7610cfb732d..27491e7837c 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -68,3 +68,9 @@ In addition to numerous new and upgraded packages, this release has the followin - The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11. Configurations using this default will print a warning when rebuilt. + +- The option + [services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was + added, decoupling the setting of `SSH_ASKPASS` from + `services.xserver.enable`. This allows easy usage in non-X11 environments, + e.g. Wayland. diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 5da15b68cf7..c680063a47c 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -33,6 +33,13 @@ in programs.ssh = { + enableAskPassword = mkOption { + type = types.bool; + default = config.services.xserver.enable; + defaultText = literalExpression "config.services.xserver.enable"; + description = "Whether to configure SSH_ASKPASS in the environment."; + }; + askPassword = mkOption { type = types.str; default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"; @@ -287,7 +294,7 @@ in # Allow ssh-agent to ask for confirmation. This requires the # unit to know about the user's $DISPLAY (via ‘systemctl # import-environment’). - environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper; + environment.SSH_ASKPASS = optionalString cfg.enableAskPassword askPasswordWrapper; environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS }; @@ -298,7 +305,7 @@ in fi ''; - environment.variables.SSH_ASKPASS = optionalString config.services.xserver.enable askPassword; + environment.variables.SSH_ASKPASS = optionalString cfg.enableAskPassword askPassword; }; } |