diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2016-02-07 13:52:42 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-02-07 13:52:42 +0100 |
commit | a115bff08c1f2046957d09a6a908202d1b98c311 (patch) | |
tree | e15cfb7f524284fcefa5119e7ee0abe2ae1096d9 /nixos/modules/services/networking | |
parent | 234f4611393a6818b317f3ad93d2e276515bdc33 (diff) | |
parent | 98ffc61e2f846c4818280a4cccce3fdad3eb9677 (diff) | |
download | nixlib-a115bff08c1f2046957d09a6a908202d1b98c311.tar nixlib-a115bff08c1f2046957d09a6a908202d1b98c311.tar.gz nixlib-a115bff08c1f2046957d09a6a908202d1b98c311.tar.bz2 nixlib-a115bff08c1f2046957d09a6a908202d1b98c311.tar.lz nixlib-a115bff08c1f2046957d09a6a908202d1b98c311.tar.xz nixlib-a115bff08c1f2046957d09a6a908202d1b98c311.tar.zst nixlib-a115bff08c1f2046957d09a6a908202d1b98c311.zip |
Merge branch 'master' into staging
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/connman.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 13 |
2 files changed, 15 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/connman.nix b/nixos/modules/services/networking/connman.nix index deb1cbfc1858..3fecfbb13a04 100644 --- a/nixos/modules/services/networking/connman.nix +++ b/nixos/modules/services/networking/connman.nix @@ -53,13 +53,13 @@ in { config = mkIf cfg.enable { assertions = [{ - assertion = config.networking.useDHCP == false; + assertion = !config.networking.useDHCP; message = "You can not use services.networking.connman with services.networking.useDHCP"; }{ - assertion = config.networking.wireless.enable == true; + assertion = config.networking.wireless.enable; message = "You must use services.networking.connman with services.networking.wireless"; }{ - assertion = config.networking.networkmanager.enable == false; + assertion = !config.networking.networkmanager.enable; message = "You can not use services.networking.connman with services.networking.networkmanager"; }]; diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 5baea4bc6aea..ba3efc8c0c2a 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -52,6 +52,8 @@ let )); in listToAttrs (map mkAuthKeyFile usersWithKeys); + supportOldHostKeys = !versionAtLeast config.system.stateVersion "15.07"; + in { @@ -177,7 +179,7 @@ in default = [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; } { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ] ++ optionals (!versionAtLeast config.system.stateVersion "15.07") + ] ++ optionals supportOldHostKeys [ { type = "dsa"; path = "/etc/ssh/ssh_host_dsa_key"; } { type = "ecdsa"; bits = 521; path = "/etc/ssh/ssh_host_ecdsa_key"; } ]; @@ -347,6 +349,15 @@ in ${flip concatMapStrings cfg.hostKeys (k: '' HostKey ${k.path} '')} + + # Allow DSA client keys for now. (These were deprecated + # in OpenSSH 7.0.) + PubkeyAcceptedKeyTypes +ssh-dss + + # Re-enable DSA host keys for now. + ${optionalString supportOldHostKeys '' + HostKeyAlgorithms +ssh-dss + ''} ''; assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; |