From 6826521ec5ce3e723d0f00dec6ddf3d75cce108a Mon Sep 17 00:00:00 2001
From: Robert Helgesson <robert@rycee.net>
Date: Wed, 5 Dec 2018 00:14:15 +0100
Subject: [PATCH] ssh: add certificateFile option

---
 modules/programs/ssh.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/programs/ssh.nix b/modules/programs/ssh.nix
index 0f88c538a..b0d07f518 100644
--- a/modules/programs/ssh.nix
+++ b/modules/programs/ssh.nix
@@ -125,6 +125,14 @@ let
         description = "The command to use to connect to the server.";
       };
 
+      certificateFile = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        description = ''
+          Specifies a file from which the user certificate is read.
+        '';
+      };
+
       extraOptions = mkOption {
         type = types.attrsOf types.str;
         default = {};
@@ -144,6 +152,7 @@ let
     ++ optional cf.identitiesOnly            "  IdentitiesOnly yes"
     ++ optional (cf.user != null)            "  User ${cf.user}"
     ++ optional (cf.identityFile != null)    "  IdentityFile ${cf.identityFile}"
+    ++ optional (cf.certificateFile != null) "  CertificateFile ${cf.certificateFile}"
     ++ optional (cf.hostname != null)        "  HostName ${cf.hostname}"
     ++ optional (cf.sendEnv != [])           "  SendEnv ${unwords cf.sendEnv}"
     ++ optional (cf.serverAliveInterval != 0)