Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation

2016-09-05 15:38:42 +02:00 · 2016-09-05 15:38:42 +02:00 · f3c32cb2c1
commit f3c32cb2c1
parent e8315cb1ca
2 changed files with 5 additions and 1 deletions
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@ -56,7 +56,6 @@ in

      setXAuthLocation = mkOption {
        type = types.bool;
-        default = config.services.xserver.enable;
        description = ''
          Whether to set the path to <command>xauth</command> for X11-forwarded connections.
          This causes a dependency on X11 packages.
@ -165,6 +164,9 @@ in

  config = {

+    programs.ssh.setXAuthLocation =
+      mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11);
+
    assertions =
      [ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
          message = "cannot enable X11 forwarding without setting XAuth location";
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@ -227,6 +227,8 @@ in

  config = mkIf cfg.enable {

+    programs.ssh.setXAuthLocation = mkForce cfg.forwardX11;
+
    users.extraUsers.sshd =
      { isSystemUser = true;
        description = "SSH privilege separation user";