author | Carl Richard Theodor Schneider <dev.github@crtified.me> | 2023-09-19 13:04:11 +0200 |
committer | Carl Richard Theodor Schneider <dev.github@crtified.me> | 2023-09-19 18:13:44 +0200 |
commit | 716bde190c4b113ce309a58f34e39dba64402d2b (patch) | |
tree | de7a78fe27df008bf22ee4a8ffce04274795015a | |
parent | a49246aef97d2902ea432107724af36516c66863 (diff) | |
nixos/sshd: specify `lport`,`laddr` for config validation
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 702423ef09cd..bf2f5230c738 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -27,13 +27,11 @@ let
 mkValueString = mkValueStringSshd;
 } " ";});
 
- configFile = settingsFormat.generate "config" cfg.settings;
- sshconf = pkgs.runCommand "sshd.conf-validated" { nativeBuildInputs = [ validationPackage ]; } ''
+ configFile = settingsFormat.generate "sshd.conf-settings" cfg.settings;
+ sshconf = pkgs.runCommand "sshd.conf-final" { } ''
 cat ${configFile} - >$out <<EOL
 ${cfg.extraConfig}
 EOL
-
- sshd -G -f $out
 '';
 
 cfg = config.services.openssh;
@@ -576,6 +574,21 @@ in
 '')}
 '';
 
+ system.checks = [
+ (pkgs.runCommand "check-sshd-config"
+ {
+ nativeBuildInputs = [ validationPackage ];
+ } ''
+ ${concatMapStringsSep "\n"
+ (lport: "sshd -G -T -C lport=${toString lport} -f ${sshconf} > /dev/null")
+ cfg.ports}
+ ${concatMapStringsSep "\n"
+ (la: "sshd -G -T -C laddr=${la.addr},lport=${toString la.port} -f ${sshconf} > /dev/null")
+ cfg.listenAddresses}
+ touch $out
+ '')
+ ];
+
 assertions = [{ assertion = if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true;
 message = "cannot enable X11 forwarding without setting xauth location";}
 (let |
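Review bot: The new `check-sshd-config` derivation passes vacuously when both `cfg.ports` and `cfg.listenAddresses` are empty, because every `sshd -G -T` invocation is generated from those two lists and the script then only runs `touch $out`; since this commit also removes the unconditional `sshd -G -f $out` from the `sshconf` derivation, such a configuration (including an unparseable `extraConfig`) would now reach activation with no validation at all, and a non-starting sshd on a remote host is a lockout. A fallback that still parses the file once in that case closes the gap, e.g. adding after the two `concatMapStringsSep` blocks: `${optionalString (cfg.ports == [] && cfg.listenAddresses == []) "sshd -G -T -f ${sshconf} > /dev/null"}`. Whether `sshd -T` without `-C` rejects `Match LocalPort`/`LocalAddress` blocks depends on the OpenSSH version in `validationPackage`, which is not visible here, so it is worth confirming that the fallback does not reintroduce the failure this commit works around. The attribute set that receives `system.checks` and `assertions` starts and ends outside the hunk.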