authorTaeer Bar-Yam <taeer@bar-yam.me>2022-01-19 08:48:41 -0500
committerTaeer Bar-Yam <taeer@bar-yam.me>2022-01-19 08:48:41 -0500
commit8fa2e787f1400fd636983c9865ce0ef6cd3d193d (patch)
treed8cd2ef118b895978c1566e665d5c91ae9326d55 /nixos
parent42d3974dbdcee206177872435ab960d4ab2dbbf5 (diff)
modules/programs/ssh: knownHosts -> extraKnownHosts
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/programs/ssh.nix28
1 files changed, 17 insertions, 11 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 35380f86420..6086abfc238 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -17,7 +17,7 @@ let
       exec ${askPassword} "$@"
     '';
 
-  knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
+  knownHosts = attrValues cfg.knownHosts;
 
   knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
     (h: assert h.hostNames != [];
@@ -142,7 +142,7 @@ in
 
       knownHosts = mkOption {
         default = {};
-        type = types.attrsOf (types.submodule ({ name, ... }: {
+        type = types.attrsOf (types.submodule ({ name, config, ... }: {
           options = {
             certAuthority = mkOption {
               type = types.bool;
@@ -154,12 +154,21 @@ in
             };
             hostNames = mkOption {
               type = types.listOf types.str;
-              default = [];
+              default = [ name ] ++ config.extraHostNames;
               description = ''
+                DEPRECATED, please use <literal>extraHostNames</literal>.
                 A list of host names and/or IP numbers used for accessing
                 the host's ssh service.
               '';
             };
+            extraHostNames = mkOption {
+              type = types.listOf types.str;
+              default = [];
+              description = ''
+                A list of additional host names and/or IP numbers used for
+                accessing the host's ssh service.
+              '';
+            };
             publicKey = mkOption {
               default = null;
               type = types.nullOr types.str;
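Review bot: The new `hostNames` default, `[ name ] ++ config.extraHostNames`, depends on `config` but the option carries no `defaultText`, so the generated option documentation has nothing static to show for it. Adding `defaultText = literalExpression "[ name ] ++ config.extraHostNames";` next to the default would fix that. The `extraHostNames` description should also say that the attribute name is always included as a host name, and that the list has no effect when the deprecated `hostNames` is set explicitly. In that case the names listed there presumably never reach the generated known-hosts text, which is built from `h.hostNames` in code only partly visible here. The submodule definition starts and ends outside this hunk.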
@@ -186,9 +195,6 @@ in
               '';
             };
           };
-          config = {
-            hostNames = mkDefault [ name ];
-          };
         }));
         description = ''
           The set of system-wide known SSH hosts.
@@ -196,13 +202,10 @@ in
         example = literalExpression ''
           {
             myhost = {
-              hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
+              extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
               publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
             };
-            myhost2 = {
-              hostNames = [ "myhost2" ];
-              publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
-            };
+            "myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
           }
         '';
       };
@@ -275,6 +278,9 @@ in
         message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
       });
 
+    warnings = mapAttrsToList (name: _: ''programs.ssh.knownHosts.${name}.hostNames is deprecated use programs.ssh.knownHosts.${name}.extraHostNames'')
+      (filterAttrs (name: {hostNames, extraHostNames, ...}: hostNames != [ name ] ++ extraHostNames) cfg.knownHosts);
+
     # SSH configuration. Slight duplication of the sshd_config
     # generation in the sshd service.
     environment.etc."ssh/ssh_config".text =
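Review bot: The warning text in the added `warnings` line runs two clauses together (`is deprecated use`) and does not tell the user that migrating changes which names the host key is pinned to. After moving to `extraHostNames`, the attribute name itself always becomes a host name for that key. An entry whose attribute name was only a label, with the real names in `hostNames`, therefore ends up trusting the key for the label as well. I would reword the message to `programs.ssh.knownHosts.${name}.hostNames is deprecated; use programs.ssh.knownHosts.${name}.extraHostNames (the attribute name is always added as a host name)`. The config block this sits in continues outside the hunk.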