public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #58718 from Ma27/validate-ssh-configs

Browse Source 
nixos/sshd: validate ssh configs during build
This commit is contained in:
Franz Pletz 2019-05-24 18:30:04 +00:00 committed by GitHub
commit eb7c11d552
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -4,6 +4,15 @@ with lib;
let let
sshconf = pkgs.runCommand "sshd.conf-validated" { nativeBuildInputs = [ cfgc.package ]; } ''
cat >$out <<EOL
${cfg.extraConfig}
EOL
ssh-keygen -f mock-hostkey -N ""
sshd -t -f $out -h mock-hostkey
'';
cfg = config.services.openssh; cfg = config.services.openssh;
cfgc = config.programs.ssh; cfgc = config.programs.ssh;
@ -339,7 +348,7 @@ in
environment.etc = authKeysFiles // environment.etc = authKeysFiles //
{ "ssh/moduli".source = cfg.moduliFile; { "ssh/moduli".source = cfg.moduliFile;
"ssh/sshd_config".text = cfg.extraConfig; "ssh/sshd_config".source = sshconf;
}; };
systemd = systemd =