Diffstat (limited to 'nixos/modules/programs/ssh.nix')
-rw-r--r--nixos/modules/programs/ssh.nix25
1 files changed, 18 insertions, 7 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index b31fce9152404..75685de4f04e3 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -157,9 +157,13 @@ in
               default = [ name ] ++ config.extraHostNames;
               defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
               description = ''
-                DEPRECATED, please use <literal>extraHostNames</literal>.
                 A list of host names and/or IP numbers used for accessing
-                the host's ssh service.
+                the host's ssh service. This list includes the name of the
+                containing <literal>knownHosts</literal> attribute by default
+                for convenience. If you wish to configure multiple host keys
+                for the same host use multiple <literal>knownHosts</literal>
+                entries with different attribute names and the same
+                <literal>hostNames</literal> list.
               '';
             };
             extraHostNames = mkOption {
@@ -167,7 +171,8 @@ in
               default = [];
               description = ''
                 A list of additional host names and/or IP numbers used for
-                accessing the host's ssh service.
+                accessing the host's ssh service. This list is ignored if
+                <literal>hostNames</literal> is set explicitly.
               '';
             };
             publicKey = mkOption {
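Review bot: The added sentence on `extraHostNames` documents that the list is ignored once `hostNames` is set, but nothing tells the user at evaluation time when both are set on the same entry. For a host-key pinning option this matters, because a name the administrator meant to pin can be dropped from the generated known-hosts data without notice. Consider keeping a narrow `warnings` (or `assertions`) entry for that case, filtered with `hostNames != [ name ] ++ extraHostNames && extraHostNames != []`. How the entries are rendered is not visible in this hunk, so the effect on the generated file is inferred from the option text.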
@@ -198,7 +203,12 @@ in
           };
         }));
         description = ''
-          The set of system-wide known SSH hosts.
+          The set of system-wide known SSH hosts. To make simple setups more
+          convenient the name of an attribute in this set is used as a host name
+          for the entry. This behaviour can be disabled by setting
+          <literal>hostNames</literal> explicitly. You can use
+          <literal>extraHostNames</literal> to add additional host names without
+          disabling this default.
         '';
         example = literalExpression ''
           {
@@ -207,6 +217,10 @@ in
               publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
             };
             "myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
+            "myhost2.net/dsa" = {
+              hostNames = [ "myhost2.net" ];
+              publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
+            };
           }
         '';
       };
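Review bot: The new `"myhost2.net/dsa"` example models the multiple-keys case with a DSA host key, which is a poor pattern to copy. OpenSSH has disabled `ssh-dss` by default since 7.0, so a default client would never use that entry. An RSA or ECDSA key would illustrate the same point, e.g. `"myhost2.net/rsa"` with `publicKeyFile = ./pubkeys/myhost2_ssh_host_rsa_key.pub;`. The context line above it already uses a DSA file name, so both could be changed together; the example starts outside this hunk.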
@@ -279,9 +293,6 @@ in
         message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
       });
 
-    warnings = mapAttrsToList (name: _: ''programs.ssh.knownHosts.${name}.hostNames is deprecated, use programs.ssh.knownHosts.${name}.extraHostNames'')
-      (filterAttrs (name: {hostNames, extraHostNames, ...}: hostNames != [ name ] ++ extraHostNames) cfg.knownHosts);
-
     # SSH configuration. Slight duplication of the sshd_config
     # generation in the sshd service.
     environment.etc."ssh/ssh_config".text =