ssh-agent: Fix asking for confirmation via $SSH_ASKPASS

This was lost back in ffedee6ed523864dd5f871ffd85e3c2099d579a2. Getting this to work is slightly tricky because ssh-agent runs as a user unit, and so doesn't know the user's $DISPLAY.
2015-02-25 14:29:24 +01:00 · 2015-02-25 14:29:24 +01:00 · 36d0f367de
commit 36d0f367de
parent 93902ea108
2 changed files with 27 additions and 2 deletions
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@ -4,9 +4,20 @@

 with lib;

-let cfg  = config.programs.ssh;
+let
+
+  cfg  = config.programs.ssh;
  cfgd = config.services.openssh;

+  askPassword = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
+
+  askPasswordWrapper = pkgs.writeScript "ssh-askpass-wrapper"
+    ''
+      #! ${pkgs.stdenv.shell} -e
+      export DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')"
+      exec ${askPassword}
+    '';
+
 in
 {
  ###### interface
@ -117,6 +128,11 @@ in
            Restart = "on-failure";
            SuccessExitStatus = "0 2";
          };
+        # Allow ssh-agent to ask for confirmation. This requires the
+        # unit to know about the user's $DISPLAY (via ‘systemctl
+        # import-environment’).
+        environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper;
+        environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
      };

    environment.extraInit = optionalString cfg.startAgent
@ -126,5 +142,10 @@ in
        fi
      '';

+    environment.interactiveShellInit = optionalString config.services.xserver.enable
+      ''
+        export SSH_ASKPASS=${askPassword}
+      '';
+
  };
 }
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@ -89,6 +89,10 @@ let
        ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
      ''}

+      # Tell systemd about our $DISPLAY. This is needed by the
+      # ssh-agent unit.
+      ${config.systemd.package}/bin/systemctl --user import-environment DISPLAY
+
      # Load X defaults.
      ${xorg.xrdb}/bin/xrdb -merge ${xresourcesXft}
      if test -e ~/.Xresources; then