mirror of
https://github.com/LnL7/nix-darwin.git
synced 2025-03-16 13:28:16 +00:00
programs.ssh: add certificate authorities
parent
7e08a9dd34
commit
cf45edbf27
1 changed files with 9 additions and 1 deletions
|
@ -11,6 +11,14 @@ let
|
||||||
{ name, ... }:
|
{ name, ... }:
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
|
certAuthority = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
This public key is an SSH certificate authority, rather than an
|
||||||
|
individual host's key.
|
||||||
|
'';
|
||||||
|
};
|
||||||
hostNames = mkOption {
|
hostNames = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [];
|
default = [];
|
||||||
|
@ -139,7 +147,7 @@ in
|
||||||
{ "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) {
|
{ "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) {
|
||||||
text = (flip (concatMapStringsSep "\n") knownHosts
|
text = (flip (concatMapStringsSep "\n") knownHosts
|
||||||
(h: assert h.hostNames != [];
|
(h: assert h.hostNames != [];
|
||||||
concatStringsSep "," h.hostNames + " "
|
lib.optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
|
||||||
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
|
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
|
||||||
)) + "\n";
|
)) + "\n";
|
||||||
};
|
};
|
||||||
|
|
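Review bot: The description of the new `certAuthority` option in the first hunk does not say what enabling it changes for trust: the second hunk prefixes the entry with `@cert-authority`, so ssh will accept any host certificate signed by this key for every pattern listed in `hostNames`, and a broad pattern such as `*` makes the CA trusted for all hosts. I would extend the description with a sentence like `When set, hostNames are the host patterns this CA is trusted to sign for; keep them as narrow as possible.` As a style point, the added lines use `lib.mkOption`, `lib.types.bool` and `lib.optionalString`, while the neighbouring `hostNames` option and the known_hosts expression use the unqualified `mkOption`, `types` and `concatStringsSep`; one form throughout would read better. The option set and the `ssh/ssh_known_hosts` definition both begin and end outside the visible hunks.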