author | r-vdp <ramses@well-founded.dev> | 2023-05-29 10:40:36 +0200 |
---|---|---|
committer | Matthieu Coudron <teto@users.noreply.github.com> | 2023-05-31 12:07:06 +0200 |
commit | 2b63df0a03510bd9579f9a53cc22f83be97996a3 (patch) | |
tree | ed1030c09dc861e7105ae3270bb99baff28fc26e /nixos/modules/services | |
parent | 20cb596dd4ab1b7cdf9f0bbcf2950fab021e6d43 (diff) | |
modules/sshd: print the offending keys when we detect duplicate sshd keys.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index a0904f59a72e..70dde79a198d 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -570,14 +570,26 @@ in assertions = [{ assertion = if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true; message = "cannot enable X11 forwarding without setting xauth location";} - { assertion = lib.lists.unique (map (x: lib.strings.toLower x) (attrNames cfg.settings)) - == (map (x: lib.strings.toLower x) (attrNames cfg.settings)); - message = "Duplicate sshd config key; does your capitalization match the option's?"; } ] + (let + duplicates = + # Filter out the groups with more than 1 element + lib.filter (l: lib.length l > 1) ( + # Grab the groups, we don't care about the group identifiers + lib.attrValues ( + # Group the settings that are the same in lower case + lib.groupBy lib.strings.toLower (attrNames cfg.settings) + ) + ); + formattedDuplicates = lib.concatMapStringsSep ", " (dupl: "(${lib.concatStringsSep ", " dupl})") duplicates; + in + { + assertion = lib.length duplicates == 0; + message = ''Duplicate sshd config key; does your capitalization match the option's? Duplicate keys: ${formattedDuplicates}''; + })] ++ forEach cfg.listenAddresses ({ addr, ... }: { assertion = addr != null; message = "addr must be specified in each listenAddresses entry"; }); - }; } |
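Review bot: The comments inside the new `let` block describe how `duplicates` is built but not why a case-only duplicate has to fail evaluation. sshd matches configuration keywords case-insensitively and, for most keywords, keeps the first value it reads, so two spellings of one setting (say `PasswordAuthentication` and `passwordauthentication`) leave it ambiguous which value is in force; which spelling the module renders first is not visible in this hunk. I would state that above `duplicates =`, e.g. `# sshd keywords are case-insensitive and the first value read wins, so keys differing only in case make the effective setting ambiguous`. As a smaller style point, `assertion = lib.length duplicates == 0;` reads more directly as `assertion = duplicates == [];`. The attribute set that holds `assertions` starts before the hunk.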