From 78c33177ce93cf0ce4142b1e19e7583ebd96e7b9 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sun, 27 Apr 2014 17:01:06 -0500 Subject: ssh: Support knownHost public keys as strings --- nixos/modules/services/networking/ssh/sshd.nix | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 554cc6a1c3fc..4a60e59b20b6 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -18,9 +18,9 @@ let knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts); knownHostsFile = pkgs.writeText "ssh_known_hosts" ( - flip concatMapStrings knownHosts (h: - "${concatStringsSep "," h.hostNames} ${readFile h.publicKeyFile}" - ) + flip concatMapStrings knownHosts (h: '' + ${concatStringsSep "," h.hostNames} ${if h.publicKey != null then h.publicKey else readFile h.publicKeyFile} + '') ); userOptions = { @@ -218,7 +218,18 @@ in the host's ssh service. ''; }; + publicKey = mkOption { + default = null; + type = types.nullOr types.string; + description = '' + The public key data for the host. You can fetch a public key + from a running SSH server with the ssh-keyscan + command. + ''; + }; publicKeyFile = mkOption { + default = null; + type = types.nullOr types.unspecified; description = '' The path to the public key file for the host. The public key file is read at build time and saved in the Nix store. 
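Review bot: The new `knownHostsFile` entry in the first hunk reads `readFile h.publicKeyFile` with no guard for the case where both options are null, so a host with neither set fails inside the `let` binding rather than with the descriptive assertion added later in this change; whether the assertion fires first presumably depends on NixOS evaluating `config.assertions` before `environment.etc` is forced, which is worth confirming. A second, smaller point on the same lines: `readFile` keeps the file's trailing newline and the `''` string adds another, so the file-based branch now emits a blank line after each entry, which sshd ignores but which makes the generated file harder to diff. The `concatMapStrings` call here starts in the hunk but the enclosing `let` continues outside it.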
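Review bot: In the second hunk `publicKey` is declared as `types.nullOr types.string`, and `types.string` merges multiple definitions by concatenation, so two modules setting the same host's key would silently produce one corrupt known_hosts line instead of a conflict; if this tree already has it, `type = types.nullOr types.str;` gives the usual "conflicting definitions" error instead. `publicKeyFile` is likewise given `types.nullOr types.unspecified` where `types.nullOr types.path` appears to describe the value actually passed to `readFile`. The `publicKey` description should also state the expected format, since the value is placed verbatim after the host names; something like `The public key in OpenSSH known_hosts format: a single line of key type and base64 data, without host names or options.` The `publicKeyFile` option's closing lines lie outside the hunk.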
@@ -367,7 +378,12 @@ in ''; assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; - message = "cannot enable X11 forwarding without setting xauth location";}]; + message = "cannot enable X11 forwarding without setting xauth location";}] + ++ flip mapAttrsToList cfg.knownHosts (name: data: { + assertion = (data.publicKey == null && data.publicKeyFile != null) || + (data.publicKey != null && data.publicKeyFile == null); + message = "knownHost ${name} must contain either a publicKey or publicKeyFile"; + }); }; -- cgit 1.4.1
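Review bot: The new assertion only checks that exactly one of the two options is set; it does not check that a `publicKey` string is a single line, even though the generated file treats each line as an independent trust anchor, so a value containing an embedded newline would silently add further known_hosts entries for that host block. If the lib in this tree offers a string-search helper, a second assertion on `data.publicKey` rejecting `"\n"` would close that gap; otherwise a sentence in the option description is the minimum. As a point of style, the exclusive-or is easier to read as a boolean comparison, `assertion = (data.publicKey == null) != (data.publicKeyFile == null);`, which is equivalent to the two-clause form in the hunk. The enclosing `config` attribute set starts outside the hunk.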