public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initrd-ssh service: check that authorized keys are added

Browse Source
This commit is contained in:
Nikolay Amiantov 2016-09-20 12:04:48 +03:00
parent febb35bd03
commit 00f444d0c1
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nixos/modules/system/boot/initrd-ssh.nix
View File

@ -85,10 +85,14 @@ in
}; };
config = mkIf (config.boot.initrd.network.enable && cfg.enable) { config = mkIf (config.boot.initrd.network.enable && cfg.enable) {
assertions = [ { assertions = [
assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; { assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null;
message = "You should specify at least one host key for initrd SSH"; message = "You should specify at least one host key for initrd SSH";
} ]; }
{ assertion = cfg.authorizedKeys != [];
message = "You should specify at least one authorized key for initrd SSH";
}
];
boot.initrd.extraUtilsCommands = '' boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear