Diffstat (limited to 'nixos/modules/system/boot/initrd-ssh.nix')
-rw-r--r--nixos/modules/system/boot/initrd-ssh.nix11
1 files changed, 10 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix
index 673655f20ee..701d242abc1 100644
--- a/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixos/modules/system/boot/initrd-ssh.nix
@@ -73,6 +73,15 @@ in
       '';
     };
 
+    ignoreEmptyHostKeys = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Allow leaving {option}`config.boot.initrd.network.ssh` empty,
+        to deploy ssh host keys out of band.
+      '';
+    };
+
     authorizedKeys = mkOption {
       type = types.listOf types.str;
       default = config.users.users.root.openssh.authorizedKeys.keys;
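Review bot: The description of `ignoreEmptyHostKeys` references `config.boot.initrd.network.ssh`, which is the whole option set; the option that may be left empty is `boot.initrd.network.ssh.hostKeys`, and the `{option}` reference should name it. The text also does not say what enabling the option leaves to the operator: the keys then have to reach the initrd by some other means before sshd starts, and the module no longer checks that they do. Initrd SSH is commonly used to enter a disk passphrase remotely, so I would add a sentence such as `The host keys must be placed in the initrd by other means; without a stable host key, clients cannot verify the machine they are unlocking.`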
@@ -141,7 +150,7 @@ in
       }
 
       {
-        assertion = cfg.hostKeys != [];
+        assertion = (cfg.hostKeys != []) || cfg.ignoreEmptyHostKeys;
         message = ''
           You must now pre-generate the host keys for initrd SSH.
           See the boot.initrd.network.ssh.hostKeys documentation
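Review bot: With `cfg.ignoreEmptyHostKeys` set, this assertion can no longer fail, so an empty `hostKeys` list with no key actually deployed is first noticed at boot rather than at evaluation time, presumably when sshd in the initrd finds no host key. The message below is unchanged and still says the keys must be pre-generated, without mentioning the new option; a closing line such as `Set boot.initrd.network.ssh.ignoreEmptyHostKeys only if the keys are deployed out of band.` would tell the reader both that the escape hatch exists and when it is appropriate. The message string continues outside the hunk, so its remaining wording is not visible here.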