Check sshd.permitRootLogin values.

svn path=/nixos/trunk/; revision=16769

modules/services/networking/ssh/sshd.nix

@@ -31,11 +31,11 @@ let
       GatewayPorts ${cfg.gatewayPorts}
     '';
 
-  # !!! is this assertion evaluated anywhere???
+  permitRootLoginCheck = v:
-  assertion = cfg.permitRootLogin == "yes" ||
+    v == "yes" ||
-       cfg.permitRootLogin == "without-password" ||
+    v == "without-password" ||
-       cfg.permitRootLogin == "forced-commands-only" ||
+    v == "forced-commands-only" ||
-       cfg.permitRootLogin == "no";
+    v == "no";
 
 in
 
@@ -73,6 +73,7 @@ in
 
       permitRootLogin = mkOption {
         default = "yes";
+        check = permitRootLoginCheck;
         description = ''
           Whether the root user can login using ssh. Valid values are
           <literal>yes</literal>, <literal>without-password</literal>,