programs.ssh: write ssh known_hosts only if there are any set

Wael M. Nasreddine 2020-04-05 19:48:56 -07:00 committed by Wael M. Nasreddine
parent 4496ab2662
commit e58bcb921b
GPG key ID: 8EBD95DC147755A2
3 changed files with 19 additions and 6 deletions


@ -151,12 +151,13 @@ in
services.openssh.authorizedKeysFiles = [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
environment.etc = authKeysFiles //
{ "ssh/ssh_known_hosts".text = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
{ "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) {
text = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
};
"ssh/sshd_config.d/101-authorized-keys.conf" = {
text = "AuthorizedKeysFile ${toString config.services.openssh.authorizedKeysFiles}\n";
# Allows us to automatically migrate from using a file to a symlink