diff --git a/modules/misc/news.nix b/modules/misc/news.nix
index a0718b19..e903669e 100644
--- a/modules/misc/news.nix
+++ b/modules/misc/news.nix
@@ -587,6 +587,24 @@ in
 A new module is available: 'programs.fzf'.
 '';
 }
+
+ {
+ time = "2018-03-25T06:49:57+00:00";
+ condition = with config.programs.ssh; enable && matchBlocks != {};
+ message = ''
+ Options set through the 'programs.ssh' module are now placed
+ at the end of the SSH configuration file. This was done to
+ make it possible to override global options such as
+ 'ForwardAgent' or 'Compression' inside a host match block.
+
+ If you truly need to override an SSH option across all match
+ blocks then the new option
+
+ programs.ssh.extraOptionOverrides
+
+ can be used.
+ '';
+ }
 ];
 };
 }
diff --git a/modules/programs/ssh.nix b/modules/programs/ssh.nix
index 4c68ebf8..c62f37eb 100644
--- a/modules/programs/ssh.nix
+++ b/modules/programs/ssh.nix
@@ -220,9 +220,18 @@ in
 '';
 };
 
+ extraOptionOverrides = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ description = ''
+ Extra SSH configuration options that take precedence over any
+ host specific configuration.
+ '';
+ };
+
 matchBlocks = mkOption {
 type = types.loaOf matchBlockModule;
- default = [];
+ default = {};
 example = literalExample ''
 {
 "john.example.com" = {
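Review bot: `extraOptionOverrides` is typed `types.attrsOf types.str`, so any attribute name and any string value are accepted, and the following hunk writes each pair verbatim as `${n} ${v}` at the top of the generated file. A value containing a newline would add further top-level directives, and a name such as `Host` or `Match` would open a block that scopes the override lines after it instead of acting globally. Consider rejecting those cases, for example with a `types.strMatching` pattern on the values that excludes newlines or with an assertion in `config`, and extend the description with `These options are written before all match blocks; ssh uses the first value it obtains for each option.` The option set this declaration belongs to starts outside the hunk, and the `matchBlocks` declaration runs past its end.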
@@ -248,20 +257,24 @@ in
 
 config = mkIf cfg.enable {
 home.file.".ssh/config".text = ''
- ForwardAgent ${yn cfg.forwardAgent}
- Compression ${yn cfg.compression}
- ServerAliveInterval ${toString cfg.serverAliveInterval}
- HashKnownHosts ${yn cfg.hashKnownHosts}
- UserKnownHostsFile ${cfg.userKnownHostsFile}
- ControlMaster ${cfg.controlMaster}
- ControlPath ${cfg.controlPath}
- ControlPersist ${cfg.controlPersist}
-
- ${cfg.extraConfig}
+ ${concatStringsSep "\n" (
+ mapAttrsToList (n: v: "${n} ${v}") cfg.extraOptionOverrides)}
 
 ${concatStringsSep "\n\n" (
 map matchBlockStr (
 builtins.attrValues cfg.matchBlocks))}
+
+ Host *
+ ForwardAgent ${yn cfg.forwardAgent}
+ Compression ${yn cfg.compression}
+ ServerAliveInterval ${toString cfg.serverAliveInterval}
+ HashKnownHosts ${yn cfg.hashKnownHosts}
+ UserKnownHostsFile ${cfg.userKnownHostsFile}
+ ControlMaster ${cfg.controlMaster}
+ ControlPath ${cfg.controlPath}
+ ControlPersist ${cfg.controlPersist}
+
+ ${replaceStrings ["\n"] ["\n "] cfg.extraConfig}
 '';
 };
 }
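Review bot: `cfg.extraConfig` is now emitted inside the trailing `Host *` block, after the match blocks, and the `replaceStrings` call only re-indents it. ssh_config keeps the first value it obtains for each option and gives indentation no meaning, so a `Host` or `Match` line inside `extraConfig` still starts its own block, and anything a user set there now loses to `matchBlocks` where it previously came first. That can quietly relax a setting someone pinned through `extraConfig`, and the news entry does not mention `extraConfig` by name. I would state this in the `extraConfig` option description, which is outside this hunk, e.g. `This text is placed in the final "Host *" block, so options set in matchBlocks or extraOptionOverrides take precedence over it.`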