nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 07:53:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #65227 from NixOS/openssh-known-hosts-ca

Browse Source 
nixos/programs/ssh: allow specifying known host CAs
This commit is contained in:
edef 2019-07-31 12:08:58 +00:00 committed by GitHub
commit 4bcc6e11d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nixos/modules/programs/ssh.nix
View File

@ -21,7 +21,7 @@ let
knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
concatStringsSep "," h.hostNames + " "
optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
@ -128,6 +128,14 @@ in
default = {};
type = types.loaOf (types.submodule ({ name, ... }: {
options = {
certAuthority = mkOption {
type = types.bool;
default = false;
description = ''
This public key is an SSH certificate authority, rather than an
individual host's key.
'';
};
hostNames = mkOption {
type = types.listOf types.str;
default = [];