From 53b88524989e51c3b3da87dfa1ee8b95c32467f7 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Fri, 20 May 2016 16:34:16 +0300 Subject: [PATCH] initrd-ssh service: add assertions for host keys --- nixos/modules/system/boot/initrd-ssh.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index a881459bed18..3e2805a8c341 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -85,6 +85,10 @@ in }; config = mkIf (config.boot.initrd.network.enable && cfg.enable) { + assertions = [ { + assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; + message = "You should specify at least one host key for initrd SSH"; + } ]; boot.initrd.extraUtilsCommands = '' copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear