diff options
Diffstat (limited to 'sys/auth')
| -rw-r--r-- | sys/auth/openssh.nix | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/auth/openssh.nix b/sys/auth/openssh.nix index c1c6c58..eaa28c2 100644 --- a/sys/auth/openssh.nix +++ b/sys/auth/openssh.nix @@ -69,6 +69,10 @@ in message = "SSH vsock restrict requires socket activation"; } { + assertion = restrict != null -> (restrict.vsockCid != null -> config.local.virt.enable); + message = "SSH vsock restrict requires nixvirt"; + } + { assertion = any (key: key) (attrValues cfg.hostKeys); message = "No OpenSSH host keys were enabled"; } @@ -126,7 +130,10 @@ in }; systemd.sockets = mkIf (restrict != null && restrict.vsockCid != null) { - sshd.socketConfig.ListenStream = mkForce [ "vsock:${toString restrict.vsockCid}:${toString port}" ]; + sshd = { + after = [ "nixvirt.service" ]; + socketConfig.ListenStream = mkForce [ "vsock:${toString restrict.vsockCid}:${toString port}" ]; + }; }; users.users = { |