authorr-vdp <ramses@well-founded.dev>2023-05-29 10:40:36 +0200
committerMatthieu Coudron <teto@users.noreply.github.com>2023-05-31 15:12:45 +0200
commit7098a461b99238eabc920b7c6df95035aa107696 (patch)
treeecb94e324ca851bcacd0ef1277b531ff00ad9016
parentMerge pull request #235174 from NixOS/backport-234924-to-release-23.05 (diff)
modules/sshd: print the offending keys when we detect duplicate sshd keys.
(cherry picked from commit 2206548a3270c928a3295ce21eedca4dad2b3e3c)
-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix20
1 files changed, 16 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index a0904f59a72e..70dde79a198d 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -570,14 +570,26 @@ in
assertions = [{ assertion = if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true;
message = "cannot enable X11 forwarding without setting xauth location";}
- { assertion = lib.lists.unique (map (x: lib.strings.toLower x) (attrNames cfg.settings))
- == (map (x: lib.strings.toLower x) (attrNames cfg.settings));
- message = "Duplicate sshd config key; does your capitalization match the option's?"; } ]
+ (let
+ duplicates =
+ # Filter out the groups with more than 1 element
+ lib.filter (l: lib.length l > 1) (
+ # Grab the groups, we don't care about the group identifiers
+ lib.attrValues (
+ # Group the settings that are the same in lower case
+ lib.groupBy lib.strings.toLower (attrNames cfg.settings)
+ )
+ );
+ formattedDuplicates = lib.concatMapStringsSep ", " (dupl: "(${lib.concatStringsSep ", " dupl})") duplicates;
+ in
+ {
+ assertion = lib.length duplicates == 0;
+ message = ''Duplicate sshd config key; does your capitalization match the option's? Duplicate keys: ${formattedDuplicates}'';
+ })]
++ forEach cfg.listenAddresses ({ addr, ... }: {
assertion = addr != null;
message = "addr must be specified in each listenAddresses entry";
});
-
};
}
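Review bot: The comments inside the new `let` block explain how `duplicates` is computed but not why a duplicate is a problem, which is what a maintainer reading this assertion needs. sshd_config keywords are case-insensitive, so two attribute names in `cfg.settings` that differ only in case render as the same keyword twice and one of the values does not take effect, which can silently undo a hardening setting. I would add a line above `duplicates =` such as `# sshd_config keywords are case-insensitive: keys differing only in case collide and one value is silently ignored`. The check `lib.length duplicates == 0` reads more directly as `duplicates == []`. As far as this hunk shows, only `attrNames cfg.settings` is inspected, so a keyword repeated through any free-form config text would presumably not be caught; if so, the comment should say that.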