Merge pull request #4981 from NixOS/ssh-agent-timeout

ssh-agent: Limit the amount of time it keeps a key
2014-11-15 12:36:03 +01:00 · 2014-11-15 12:36:03 +01:00 · 1fe365b196
parent 2c19d082fb 2fd7e5f39d
commit 1fe365b196
1 changed files with 12 additions and 1 deletions
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@ -59,6 +59,14 @@ in
        '';
      };

+      agentTimeout = mkOption {
+        type = types.nullOr types.string;
+        default = "1h";
+        description = ''
+          How long to keep the private keys in memory. Use null to keep them forever.
+        '';
+      };
+
      package = mkOption {
        default = pkgs.openssh;
        description = ''
@ -99,7 +107,10 @@ in
        wantedBy = [ "default.target" ];
        serviceConfig =
          { ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
-            ExecStart = "${cfg.package}/bin/ssh-agent -a %t/ssh-agent";
+            ExecStart =
+                "${cfg.package}/bin/ssh-agent " +
+                optionalString (cfg.agentTimeout != null) ("-t ${cfg.agentTimeout} ") +
+                "-a %t/ssh-agent";
            StandardOutput = "null";
            Type = "forking";
            Restart = "on-failure";