From 9dd6c61f91a58b125fb9cb1806211cff19157dca Mon Sep 17 00:00:00 2001
From: Ethel Morgan <eth@ethulhu.co.uk>
Date: Wed, 1 Jul 2020 14:49:54 +0100
Subject: make eth.services.ssh.sshAgentAuth configurable

---
 nixos/modules/services/ssh.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/ssh.nix b/nixos/modules/services/ssh.nix
index d965472..f32599a 100644
--- a/nixos/modules/services/ssh.nix
+++ b/nixos/modules/services/ssh.nix
@@ -13,12 +13,18 @@ in {
       default = false;
       description = "Whether to allow password authentication. Occasionally useful, used sparingly.";
     };
+
+    sshAgentAuth = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Whether to enable sudo authentication using ssh-agent.";
+    };
   };
 
   config = mkIf cfg.enable {
 
-    security.pam.enableSSHAgentAuth = true;
-    security.pam.services.sudo.sshAgentAuth = true;
+    security.pam.enableSSHAgentAuth = cfg.sshAgentAuth;
+    security.pam.services.sudo.sshAgentAuth = cfg.sshAgentAuth;
 
     services.openssh = {
       enable = true;
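Review bot: The new `sshAgentAuth` option defaults to `false`, while the removed lines set both PAM settings to `true` unconditionally, so every host that enables this module loses agent-based sudo on its next rebuild unless it opts in. On a host where sudo has no other working credential, that may leave no escalation path; the hunk does not show whether such hosts exist, so check existing host configs before deploying. Off by default is the safer posture, but the description should state the trust implication, for example `description = "Whether to let sudo authenticate via the caller's ssh-agent (pam_ssh_agent_auth). Anyone who can use the forwarded agent socket can then pass sudo.";`. As a style point, `sshAgentAuth = mkEnableOption "sudo authentication using ssh-agent";` would express the same bool-with-false-default more idiomatically. The `config = mkIf cfg.enable { … }` block continues past the end of the hunk, so the rest of the sshd settings are not visible here.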
-- 
cgit v1.2.3