mirrors/nix-darwin
mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-16 13:28:16 +00:00
Code Activity

programs.ssh: add certificate authorities

Browse source
This commit is contained in:
Jörg Thalheim 2024-07-31 19:34:17 +02:00
parent 7e08a9dd34
commit cf45edbf27
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
modules/programs/ssh/default.nix
View file

@ -11,6 +11,14 @@ let
{ name, ... }: { name, ... }:
{ {
options = { options = {
certAuthority = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
This public key is an SSH certificate authority, rather than an
individual host's key.
'';
};
hostNames = mkOption { hostNames = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
@ -139,7 +147,7 @@ in
{ "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) { { "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) {
text = (flip (concatMapStringsSep "\n") knownHosts text = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != []; (h: assert h.hostNames != [];
concatStringsSep "," h.hostNames + " " lib.optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile) + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n"; )) + "\n";
}; };