movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-14 13:39:15 +03:00
Code Issues Projects Releases Packages Wiki Activity

Added option for specifying system-wide known hosts file for OpenSSH.

Browse source 
svn path=/nixos/trunk/; revision=34038
This commit is contained in:
Rickard Nilsson 2012-05-09 22:11:07 +00:00
parent 2df81f42a5
commit 658ea20e7f
1 changed files with 50 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

52
modules/services/networking/ssh/sshd.nix
View file

@ -30,6 +30,14 @@ let
hktn = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeNames; hktn = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeNames;
hktb = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeBits; hktb = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeBits;
knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
knownHostsFile = pkgs.writeText "ssh_known_hosts" (
flip concatMapStrings knownHosts (h:
"${concatStringsSep "," h.hostNames} ${builtins.readFile h.publicKeyFile}"
)
);
userOptions = { userOptions = {
openssh.authorizedKeys = { openssh.authorizedKeys = {
@ -218,6 +226,42 @@ in
description = "Verbatim contents of <filename>sshd_config</filename>."; description = "Verbatim contents of <filename>sshd_config</filename>.";
}; };
knownHosts = mkOption {
default = {};
type = types.loaOf types.optionSet;
description = ''
The set of system-wide known SSH hosts.
'';
example = [
{
hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
}
{
hostNames = [ "myhost2" ];
publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
}
];
options = {
hostNames = mkOption {
type = types.listOf types.string;
default = [];
description = ''
A list of host names and/or IP numbers used for accessing
the host's ssh service.
'';
};
publicKeyFile = mkOption {
description = ''
The path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
with the <literal>ssh-keyscan</literal> command.
'';
};
};
};
}; };
users.extraUsers = mkOption { users.extraUsers = mkOption {
@ -238,10 +282,14 @@ in
home = "/var/empty"; home = "/var/empty";
}; };
environment.etc = singleton environment.etc = [
{ source = "${pkgs.openssh}/etc/ssh/moduli"; { source = "${pkgs.openssh}/etc/ssh/moduli";
target = "ssh/moduli"; target = "ssh/moduli";
}; }
{ source = knownHostsFile;
target = "ssh/ssh_known_hosts";
}
];
jobs.sshd = { jobs.sshd = {