authoredef <edef@edef.eu>2019-06-19 12:14:46 +0000
committeredef <edef@edef.eu>2019-07-21 14:23:41 +0000
commit1c9a2d4d7f2525bda7ceb9f342b217f5dc6254ae (patch)
treee01bfc57b00a519904dfc26ff20153ce9870c242
parentMerge pull request #65224 from Mic92/teamspeak (diff)
nixos/programs/ssh: allow specifying known host CAsorigin/openssh-known-hosts-ca
-rw-r--r--nixos/modules/programs/ssh.nix10
1 files changed, 9 insertions, 1 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 46965dd35b71..18b183eca9e2 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -21,7 +21,7 @@ let
knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
- concatStringsSep "," h.hostNames + " "
+ optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
@@ -128,6 +128,14 @@ in
default = {};
type = types.loaOf (types.submodule ({ name, ... }: {
options = {
+ certAuthority = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ This public key is an SSH certificate authority, rather than an
+ individual host's key.
+ '';
+ };
hostNames = mkOption {
type = types.listOf types.str;
default = [];
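Review bot: The new `certAuthority` description does not say that, once this flag is set, `hostNames` stops naming individual hosts and becomes the pattern that bounds which hosts the CA may vouch for — the first hunk simply prefixes `@cert-authority ` to the same comma-joined `hostNames` field, so a wildcard such as `*` there would make the CA trusted for every host the client connects to. That scoping is the entire security content of a CA entry and a user reading only this option will not learn it. I would extend the description to something like: `This public key is an SSH certificate authority, rather than an individual host's key. The entry is written to known_hosts with the @cert-authority marker, and hostNames is then the host pattern the CA is trusted for, so keep it as narrow as possible.` The `hostNames` option whose description would also deserve a cross-reference continues past the end of this hunk.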