From de7abf63b887cf91a5d2396934e39e79860c5378 Mon Sep 17 00:00:00 2001 From: Kai Wohlfahrt Date: Thu, 10 Jan 2019 11:40:18 +0000 Subject: [PATCH] nixos/ssh: apply options after extraConfig Otherwise, the standard options (e.g. AddressFamily) cannot be overriden in extraConfig, as the option is applied on the first (not most specific) match. Closes #52267 --- nixos/modules/programs/ssh.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 4640c1d78d20..46965dd35b71 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -88,7 +88,8 @@ in type = types.lines; default = ""; description = '' - Extra configuration text appended to ssh_config. + Extra configuration text prepended to ssh_config. Other generated + options will be added after a Host * pattern. See ssh_config5 for help. ''; @@ -203,6 +204,11 @@ in # generation in the sshd service. environment.etc."ssh/ssh_config".text = '' + # Custom options from `extraConfig`, to override generated options + ${cfg.extraConfig} + + # Generated options from other settings + Host * AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} ${optionalString cfg.setXAuthLocation '' @@ -213,8 +219,6 @@ in ${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"} ${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"} - - ${cfg.extraConfig} ''; environment.etc."ssh/ssh_known_hosts".text = knownHostsText;