nixos/ssh: Add enableAskPassword

Previously, this was only implicitly enabled if xserver.enable = true. However, Wayland-based desktops do not require this, and so configuring SSH_ASKPASS on a Wayland desktop becomes cumbersome. This simplifies that by adding a new option that defaults to the old conditional.
3 years ago · f10aea2434
parent 75df464afc
commit f10aea2434
3 changed files with 25 additions and 2 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -167,6 +167,16 @@
          using this default will print a warning when rebuilt.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          The option
+          <link linkend="opt-services.ssh.enableAskPassword">services.ssh.enableAskPassword</link>
+          was added, decoupling the setting of
+          <literal>SSH_ASKPASS</literal> from
+          <literal>services.xserver.enable</literal>. This allows easy
+          usage in non-X11 environments, e.g. Wayland.
+        </para>
+      </listitem>
    </itemizedlist>
  </section>
 </section>
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -68,3 +68,9 @@ In addition to numerous new and upgraded packages, this release has the followin

 - The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
  Configurations using this default will print a warning when rebuilt.
+
+- The option
+  [services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
+  added, decoupling the setting of `SSH_ASKPASS` from
+  `services.xserver.enable`. This allows easy usage in non-X11 environments,
+  e.g. Wayland.
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@ -33,6 +33,13 @@ in

    programs.ssh = {

+      enableAskPassword = mkOption {
+        type = types.bool;
+        default = config.services.xserver.enable;
+        defaultText = literalExpression "config.services.xserver.enable";
+        description = "Whether to configure SSH_ASKPASS in the environment.";
+      };
+
      askPassword = mkOption {
        type = types.str;
        default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
@ -287,7 +294,7 @@ in
        # Allow ssh-agent to ask for confirmation. This requires the
        # unit to know about the user's $DISPLAY (via ‘systemctl
        # import-environment’).
-        environment.SSH_ASKPASS = optionalString config.services.xserver.enable askPasswordWrapper;
+        environment.SSH_ASKPASS = optionalString cfg.enableAskPassword askPasswordWrapper;
        environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
      };

@ -298,7 +305,7 @@ in
        fi
      '';

-    environment.variables.SSH_ASKPASS = optionalString config.services.xserver.enable askPassword;
+    environment.variables.SSH_ASKPASS = optionalString cfg.enableAskPassword askPassword;

  };
 }