ssh-agent: add allowedPKCS11Providers option

Xinyang Li 2026-01-07 21:04:34 +02:00 committed by Austin Horstman
parent 3351348827
commit 47db0fde35
7 changed files with 92 additions and 2 deletions


@ -1,4 +1,5 @@
{
ssh-agent-basic-service = ./basic-service.nix;
ssh-agent-timeout-service = ./timeout-service.nix;
ssh-agent-pkcs11-service = ./pkcs11-service.nix;
}


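--- /dev/null
+++ b/pkcs11-service-expected.service
@@ -0,0 +1,9 @@
+[Install]
+WantedBy=default.target
+[Service]
+ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent -P '/nix/store/*/lib,/usr/lib/libpkcs11.so,/usr/lib/other.so'
+[Unit]
+Description=SSH authentication agent
+Documentation=man:ssh-agent(1)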
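Review bot: The pattern `/nix/store/*/lib` in the `-P` list on the ExecStart line is, as I read ssh-agent's pattern matching, compared against the whole path of the provider library that `ssh-add -s` asks the agent to load, so it would admit only a path that literally ends in `/lib` and not `/nix/store/<hash>/lib/libfoo.so`. If this fixture is meant to show the Nix store form users will copy, `/nix/store/*/lib/*` is the entry they would actually need. This is fixture data, so nothing here is wrong at runtime, but the option's documentation (in a file outside this chunk) should say that each entry is an ssh pattern matched against the full provider path and that an admitted provider is loaded as code into the agent process, which is why the list is restrictive by default.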


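--- /dev/null
+++ b/pkcs11-service.nix
@@ -0,0 +1,16 @@
+{
+services.ssh-agent = {
+enable = true;
+pkcs11Whitelist = [
+"/nix/store/*/lib"
+"/usr/lib/libpkcs11.so"
+"/usr/lib/other.so"
+];
+};
+nmt.script = ''
+assertFileContent \
+home-files/.config/systemd/user/ssh-agent.service \
+${./pkcs11-service-expected.service}
+'';
+}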
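Review bot: The test sets `pkcs11Whitelist = [` while the commit title introduces an option named `allowedPKCS11Providers`, so either the fixture exercises an alias rather than the new option or the two names have drifted apart; the module file is not in this chunk, so I cannot tell which. If `pkcs11Whitelist` is kept as a renamed alias, the fixture should still set the canonical name, `services.ssh-agent.allowedPKCS11Providers = [ ... ];`, and the alias path can be covered by its own case. The fixture also only covers a non-empty list; as far as I can tell ssh-agent treats `-P ''` as "allow no provider" rather than "use the built-in default list", so a second case asserting that `-P` is absent from ExecStart when the list is empty would pin the default users rely on.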