nixos/ssh: apply options after extraConfig

Otherwise, the standard options (e.g. AddressFamily) cannot be overridden
in extraConfig, as the option is applied on the first (not most
specific) match. Closes #52267
Kai Wohlfahrt 2019-01-10 11:40:18 +00:00 committed by Kai Wohlfahrt
parent f7c6e6bbe3
commit de7abf63b8
1 changed files with 7 additions and 3 deletions


@ -88,7 +88,8 @@ in
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = ''
Extra configuration text appended to <filename>ssh_config</filename>. Extra configuration text prepended to <filename>ssh_config</filename>. Other generated
options will be added after a <code>Host *</code> pattern.
See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry> See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for help. for help.
''; '';
@ -203,6 +204,11 @@ in
# generation in the sshd service. # generation in the sshd service.
environment.etc."ssh/ssh_config".text = environment.etc."ssh/ssh_config".text =
'' ''
# Custom options from `extraConfig`, to override generated options
${cfg.extraConfig}
# Generated options from other settings
Host *
AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
${optionalString cfg.setXAuthLocation '' ${optionalString cfg.setXAuthLocation ''
@ -213,8 +219,6 @@ in
${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"} ${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"}
${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"} ${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"}
${cfg.extraConfig}
''; '';
environment.etc."ssh/ssh_known_hosts".text = knownHostsText; environment.etc."ssh/ssh_known_hosts".text = knownHostsText;
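Review bot: The updated `extraConfig` description says the text is now prepended, but it does not say what that means for precedence. ssh_config uses the first value obtained for each parameter, so anything set in `extraConfig` outside a narrower `Host`/`Match` block now wins over the generated `HostKeyAlgorithms` and `PubkeyAcceptedKeyTypes` lines in the last hunk. If an existing configuration sets one of these in `extraConfig` while the matching module option is non-empty, its effective algorithm policy would change on upgrade with no evaluation-time signal. I would add a sentence to the description such as `Values set here take precedence over the options generated by this module, because ssh uses the first value obtained for each parameter.` and mention the ordering change in the release notes. The option set and the `ssh_config` text both continue outside the hunks shown.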