diff options
author | Kai Wohlfahrt <kai@prodo.ai> | 2019-01-10 11:40:18 +0000 |
---|---|---|
committer | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2019-02-18 21:58:46 +0000 |
commit | de7abf63b887cf91a5d2396934e39e79860c5378 (patch) | |
tree | f37bb31bad8e823398011c577f5e55523a24e683 | |
parent | f7c6e6bbe3c325d7dcb56ff4b3356c40c8866c82 (diff) |
nixos/ssh: apply options after extraConfig
Otherwise, the standard options (e.g. AddressFamily) cannot be overriden in extraConfig, as the option is applied on the first (not most specific) match. Closes #52267
-rw-r--r-- | nixos/modules/programs/ssh.nix | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 4640c1d78d20e..46965dd35b713 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -88,7 +88,8 @@ in type = types.lines; default = ""; description = '' - Extra configuration text appended to <filename>ssh_config</filename>. + Extra configuration text prepended to <filename>ssh_config</filename>. Other generated + options will be added after a <code>Host *</code> pattern. See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry> for help. ''; @@ -203,6 +204,11 @@ in # generation in the sshd service. environment.etc."ssh/ssh_config".text = '' + # Custom options from `extraConfig`, to override generated options + ${cfg.extraConfig} + + # Generated options from other settings + Host * AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} ${optionalString cfg.setXAuthLocation '' @@ -213,8 +219,6 @@ in ${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"} ${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"} - - ${cfg.extraConfig} ''; environment.etc."ssh/ssh_known_hosts".text = knownHostsText; |