authorMichael Raskin <7c6f434c@mail.ru>2014-05-27 01:46:12 -0700
committerMichael Raskin <7c6f434c@mail.ru>2014-05-27 01:46:12 -0700
commit2e5e49c306c688a4e610db6eb0488570ef187156 (patch)
tree43b016d630066602c8319dd52b313353c497c3a6 /nixos/modules/services
parent19ce0416f10bbf878498e4347fd5c19e945d3d61 (diff)
parent1396f624f46b406e82fcea825962af3f50c747c1 (diff)
Merge pull request #2424 from wkennington/cache.sshKey
ssh: Support knownHost public keys as strings
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix28
1 files changed, 22 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 554cc6a1c3fc..e4b29a0b9090 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -18,9 +18,9 @@ let
   knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
 
   knownHostsFile = pkgs.writeText "ssh_known_hosts" (
-    flip concatMapStrings knownHosts (h:
-      "${concatStringsSep "," h.hostNames} ${readFile h.publicKeyFile}"
-    )
+    flip concatMapStrings knownHosts (h: ''
+      ${concatStringsSep "," h.hostNames} ${if h.publicKey != null then h.publicKey else readFile h.publicKeyFile}
+    '')
   );
 
   userOptions = {
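Review bot: The `publicKeyFile` branch on the new line 37 now yields a blank line after every file-sourced entry, because `readFile` keeps the file's trailing newline and the `''` string closed on line 38 appends a second one; the inline `publicKey` branch has no such trailing newline, so the two inputs no longer produce the same layout. Stripping the newline from the file content keeps both branches uniform, `else removeSuffix "\n" (readFile h.publicKeyFile)` (assuming `removeSuffix` is available from lib in this tree; otherwise any equivalent trimming). The hunk also relies on exactly one of the two attributes being set, which is enforced only by the assertion later in the file, so a short comment here saying so would help the next reader: `# exactly one of publicKey / publicKeyFile is set, enforced by the knownHosts assertion below`. Note that neither branch checks that the value is a single line, so a multi-line string would produce additional known_hosts records.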
@@ -39,7 +39,7 @@ let
       };
 
       keyFiles = mkOption {
-        type = types.listOf types.unspecified;
+        type = types.listOf types.path;
         default = [];
         description = ''
           A list of files each containing one OpenSSH public key that should be
@@ -182,7 +182,7 @@ in
       };
 
       authorizedKeysFiles = mkOption {
-        type = types.listOf types.unspecified;
+        type = types.listOf types.str;
         default = [];
         description = "Files from with authorized keys are read.";
       };
@@ -218,7 +218,18 @@ in
               the host's ssh service.
             '';
           };
+          publicKey = mkOption {
+            default = null;
+            type = types.nullOr types.str;
+            description = ''
+              The public key data for the host. You can fetch a public key
+              from a running SSH server with the <command>ssh-keyscan</command>
+              command.
+            '';
+          };
           publicKeyFile = mkOption {
+            default = null;
+            type = types.nullOr types.path;
             description = ''
               The path to the public key file for the host. The public
               key file is read at build time and saved in the Nix store.
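Review bot: The `publicKey` description on lines 68-70 would lead a reader to paste a full `ssh-keyscan` line, which also carries the host name prefix, whereas the generated file on the `knownHostsFile` side already prepends `hostNames`; the option should state the expected format, e.g. "The public key data for the host: the key type and base64 key material, without the host name prefix that ssh-keyscan prints." It would also be worth saying that a key obtained with ssh-keyscan is fetched from the network without authentication and should be verified against the server's fingerprint before being pinned here. Finally, the description should mention that exactly one of `publicKey` and `publicKeyFile` must be set, since both now default to null and the module asserts on the combination elsewhere.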
@@ -367,7 +378,12 @@ in
       '';
 
     assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
-                    message = "cannot enable X11 forwarding without setting xauth location";}];
+                    message = "cannot enable X11 forwarding without setting xauth location";}]
+      ++ flip mapAttrsToList cfg.knownHosts (name: data: {
+        assertion = (data.publicKey == null && data.publicKeyFile != null) ||
+                    (data.publicKey != null && data.publicKeyFile == null);
+        message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
+      });
 
   };
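Review bot: The assertion on lines 86-87 accepts an empty string for `publicKey`, because it only compares against null; a host declared with `publicKey = ""` passes the check and silently produces a known_hosts line with no key material. Tightening the non-null branch closes that gap: `(data.publicKey != null && data.publicKey != "" && data.publicKeyFile == null)`. The message on line 88 could then say "must contain either a non-empty publicKey or a publicKeyFile" to match.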