diff options
author | Nikolay Amiantov <ab@fmap.me> | 2016-09-20 12:04:48 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2016-09-20 12:16:10 +0300 |
commit | 00f444d0c1dc8f8461f156cd30db628a5108e4b5 (patch) | |
tree | a1767a83ec9cfa11e7b2604e617998f7c3eb70bc /nixos/modules/system/boot/initrd-ssh.nix | |
parent | febb35bd03657bfd064cea56567331540ade3f39 (diff) |
initrd-ssh service: check that authorized keys are added
Diffstat (limited to 'nixos/modules/system/boot/initrd-ssh.nix')
-rw-r--r-- | nixos/modules/system/boot/initrd-ssh.nix | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index bc899984c57d2..a8c7d4b3ee5e8 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -85,10 +85,14 @@ in }; config = mkIf (config.boot.initrd.network.enable && cfg.enable) { - assertions = [ { - assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; - message = "You should specify at least one host key for initrd SSH"; - } ]; + assertions = [ + { assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; + message = "You should specify at least one host key for initrd SSH"; + } + { assertion = cfg.authorizedKeys != []; + message = "You should specify at least one authorized key for initrd SSH"; + } + ]; boot.initrd.extraUtilsCommands = '' copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear |