author | Linus Heckemann <git@sphalerite.org> | 2019-02-25 12:06:11 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-25 12:06:11 +0100 |
commit | dd251403053dc9f7c188c3f30b76538d7a13202e (patch) | |
tree | 4a682dcdbe61c9342e82e9131c313e69d04e07ba | |
parent | 7ca00868ec0b8425122c755f892af003fc36019e (diff) | |
parent | 131e31cd1b7bbef6214a0e711136bf4093fde7b5 (diff) |
Merge pull request #56326 from uvNikita/openssh/fix-socket
sshd: fix startWhenNeeded and listenAddresses combination
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 5 | ||||
-rw-r--r-- | nixos/tests/openssh.nix | 23 |
2 files changed, 27 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 95dc8a62a454e..b9b5d40c45742 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -400,7 +400,10 @@ in sockets.sshd = { description = "SSH Socket"; wantedBy = [ "sockets.target" ]; - socketConfig.ListenStream = cfg.ports; + socketConfig.ListenStream = if cfg.listenAddresses != [] then + map (l: "${l.addr}:${toString (if l.port != null then l.port else 22)}") cfg.listenAddresses + else + cfg.ports; socketConfig.Accept = true; }; diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix index 219a20c5c7e12..8b9e2170f1502 100644 --- a/nixos/tests/openssh.nix +++ b/nixos/tests/openssh.nix @@ -34,6 +34,24 @@ in { ]; }; + server_localhost_only = + { ... }: + + { + services.openssh = { + enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ]; + }; + }; + + server_localhost_only_lazy = + { ... }: + + { + services.openssh = { + enable = true; startWhenNeeded = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ]; + }; + }; + client = { ... }: { }; @@ -77,5 +95,10 @@ in { " server_lazy true"); }; + + subtest "localhost-only", sub { + $server_localhost_only->succeed("ss -nlt | grep '127.0.0.1:22'"); + $server_localhost_only_lazy->succeed("ss -nlt | grep '127.0.0.1:22'"); + } ''; }) |
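Review bot: In the `sockets.sshd` hunk of sshd.nix, the `else 22` fallback for an entry without a port ignores `cfg.ports`, so a host that moved SSH to another port via `ports` and sets a port-less `listenAddresses` entry would get a socket-activated listener on port 22 of that address. sshd treats a port-less `ListenAddress` as "this address on every configured `Port`", and the firewall rule is presumably derived from `cfg.ports` too (neither is visible in this hunk), so the socket unit can disagree with both. Expanding a null port to every configured port keeps them aligned: `concatMap (l: map (p: "${l.addr}:${toString p}") (if l.port != null then [ l.port ] else cfg.ports)) cfg.listenAddresses`. Separately, `"${l.addr}:${...}"` is only a valid systemd `ListenStream` value for IPv4 literals; an IPv6 address needs `[addr]:port` and a host name is not accepted, which deserves a comment or an assertion next to this line. The surrounding module definition lies outside the hunk.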
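Review bot: Both nodes added in the first hunk of nixos/tests/openssh.nix (`server_localhost_only`, `server_localhost_only_lazy`) set `port = 22` explicitly, so the null-port branch that the module change introduces is never exercised. A further lazy node with `listenAddresses = [ { addr = "127.0.0.1"; } ]` and a non-default `services.openssh.ports` would pin down which port the socket unit binds when an entry carries no port. Without it, a socket unit that binds a different port than sshd is configured for would still pass this test.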
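Review bot: The `localhost-only` subtest in the last hunk of nixos/tests/openssh.nix asserts only that a 127.0.0.1:22 listener exists; it never asserts that no wildcard listener is present, which appears to be the exposure this change is meant to prevent. Add a negative check per node, for example `$server_localhost_only_lazy->fail("ss -nlt | grep -E '(\\*|0\\.0\\.0\\.0|\\[::\\]):22 '");`, adjusted to the `ss` output format on the test image. The positive pattern is also loose, since its dots are regex wildcards and `127.0.0.1:22` also matches `127.0.0.1:2222`; `grep -F '127.0.0.1:22 '` is a tighter match.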