nixos/ssh: undeprecate knownHosts.«name».hostNames

hostNames being deprecated makes configuring hosts with multiple keys a pain. including the attr name of the entry in the host name list is a nice convenience though, so we'll retain it and clarify the documentation on how the actual host name list for an entry is put together.
2025-06-12 04:35:41 +03:00 · 2022-03-19 01:36:59 +01:00 · 2022-03-19 01:36:59 +01:00 · e9f17a9f45
commit e9f17a9f45
parent f18433bac5
3 changed files with 26 additions and 11 deletions
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@ -157,9 +157,13 @@ in
              default = [ name ] ++ config.extraHostNames;
              defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
              description = ''
-                DEPRECATED, please use <literal>extraHostNames</literal>.
                A list of host names and/or IP numbers used for accessing
-                the host's ssh service.
+                the host's ssh service. This list includes the name of the
+                containing <literal>knownHosts</literal> attribute by default
+                for convenience. If you wish to configure multiple host keys
+                for the same host use multiple <literal>knownHosts</literal>
+                entries with different attribute names and the same
+                <literal>hostNames</literal> list.
              '';
            };
            extraHostNames = mkOption {
@ -167,7 +171,8 @@ in
              default = [];
              description = ''
                A list of additional host names and/or IP numbers used for
-                accessing the host's ssh service.
+                accessing the host's ssh service. This list is ignored if
+                <literal>hostNames</literal> is set explicitly.
              '';
            };
            publicKey = mkOption {
@ -198,7 +203,12 @@ in
          };
        }));
        description = ''
-          The set of system-wide known SSH hosts.
+          The set of system-wide known SSH hosts. To make simple setups more
+          convenient the name of an attribute in this set is used as a host name
+          for the entry. This behaviour can be disabled by setting
+          <literal>hostNames</literal> explicitly. You can use
+          <literal>extraHostNames</literal> to add additional host names without
+          disabling this default.
        '';
        example = literalExpression ''
          {
@ -207,6 +217,10 @@ in
              publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
            };
            "myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
+            "myhost2.net/dsa" = {
+              hostNames = [ "myhost2.net" ];
+              publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
+            };
          }
        '';
      };
@ -279,9 +293,6 @@ in
        message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
      });

-    warnings = mapAttrsToList (name: _: ''programs.ssh.knownHosts.${name}.hostNames is deprecated, use programs.ssh.knownHosts.${name}.extraHostNames'')
-      (filterAttrs (name: {hostNames, extraHostNames, ...}: hostNames != [ name ] ++ extraHostNames) cfg.knownHosts);
-
    # SSH configuration. Slight duplication of the sshd_config
    # generation in the sshd service.
    environment.etc."ssh/ssh_config".text =