diff options
| author | edef <edef@edef.eu> | 2019-07-31 12:08:58 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-31 12:08:58 +0000 |
| commit | 4bcc6e11d353d4881e03a0a4166df4d8e3792f01 (patch) | |
| tree | 83c80556e66ae3dbaa3500ca11c7d0fee8f76fc6 /nixos/modules/programs | |
| parent | 11aebf406fcc9442e19a27908523a050611b1ee8 (diff) | |
| parent | 1c9a2d4d7f2525bda7ceb9f342b217f5dc6254ae (diff) | |
| download | nixlib-4bcc6e11d353d4881e03a0a4166df4d8e3792f01.tar nixlib-4bcc6e11d353d4881e03a0a4166df4d8e3792f01.tar.gz nixlib-4bcc6e11d353d4881e03a0a4166df4d8e3792f01.tar.bz2 nixlib-4bcc6e11d353d4881e03a0a4166df4d8e3792f01.tar.lz nixlib-4bcc6e11d353d4881e03a0a4166df4d8e3792f01.tar.xz nixlib-4bcc6e11d353d4881e03a0a4166df4d8e3792f01.tar.zst nixlib-4bcc6e11d353d4881e03a0a4166df4d8e3792f01.zip | |
Merge pull request #65227 from NixOS/openssh-known-hosts-ca
nixos/programs/ssh: allow specifying known host CAs
Diffstat (limited to 'nixos/modules/programs')
| -rw-r--r-- | nixos/modules/programs/ssh.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 46965dd35b71..18b183eca9e2 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -21,7 +21,7 @@ let knownHostsText = (flip (concatMapStringsSep "\n") knownHosts (h: assert h.hostNames != []; - concatStringsSep "," h.hostNames + " " + optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " " + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile) )) + "\n"; @@ -128,6 +128,14 @@ in default = {}; type = types.loaOf (types.submodule ({ name, ... }: { options = { + certAuthority = mkOption { + type = types.bool; + default = false; + description = '' + This public key is an SSH certificate authority, rather than an + individual host's key. + ''; + }; hostNames = mkOption { type = types.listOf types.str; default = []; |