ssh: move options to end of configuration file

This is needed to support overriding these options inside match
blocks. A new option `programs.ssh.extraOptionOverrides` has been
added to allow global overrides.
Robert Helgesson 2018-03-23 19:32:02 +01:00
parent 75c4075345
commit 4205c91609
2 changed files with 42 additions and 11 deletions


@ -587,6 +587,24 @@ in
A new module is available: 'programs.fzf'. A new module is available: 'programs.fzf'.
''; '';
} }
{
time = "2018-03-25T06:49:57+00:00";
condition = with config.programs.ssh; enable && matchBlocks != {};
message = ''
Options set through the 'programs.ssh' module are now placed
at the end of the SSH configuration file. This was done to
make it possible to override global options such as
'ForwardAgent' or 'Compression' inside a host match block.
If you truly need to override an SSH option across all match
blocks then the new option
programs.ssh.extraOptionOverrides
can be used.
'';
}
]; ];
}; };
} }


@ -220,9 +220,18 @@ in
''; '';
}; };
extraOptionOverrides = mkOption {
type = types.attrsOf types.str;
default = {};
description = ''
Extra SSH configuration options that take precedence over any
host specific configuration.
'';
};
matchBlocks = mkOption { matchBlocks = mkOption {
type = types.loaOf matchBlockModule; type = types.loaOf matchBlockModule;
default = []; default = {};
example = literalExample '' example = literalExample ''
{ {
"john.example.com" = { "john.example.com" = {
@ -248,20 +257,24 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.file.".ssh/config".text = '' home.file.".ssh/config".text = ''
ForwardAgent ${yn cfg.forwardAgent} ${concatStringsSep "\n" (
Compression ${yn cfg.compression} mapAttrsToList (n: v: "${n} ${v}") cfg.extraOptionOverrides)}
ServerAliveInterval ${toString cfg.serverAliveInterval}
HashKnownHosts ${yn cfg.hashKnownHosts}
UserKnownHostsFile ${cfg.userKnownHostsFile}
ControlMaster ${cfg.controlMaster}
ControlPath ${cfg.controlPath}
ControlPersist ${cfg.controlPersist}
${cfg.extraConfig}
${concatStringsSep "\n\n" ( ${concatStringsSep "\n\n" (
map matchBlockStr ( map matchBlockStr (
builtins.attrValues cfg.matchBlocks))} builtins.attrValues cfg.matchBlocks))}
Host *
ForwardAgent ${yn cfg.forwardAgent}
Compression ${yn cfg.compression}
ServerAliveInterval ${toString cfg.serverAliveInterval}
HashKnownHosts ${yn cfg.hashKnownHosts}
UserKnownHostsFile ${cfg.userKnownHostsFile}
ControlMaster ${cfg.controlMaster}
ControlPath ${cfg.controlPath}
ControlPersist ${cfg.controlPersist}
${replaceStrings ["\n"] ["\n "] cfg.extraConfig}
''; '';
}; };
} }
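Review bot: `cfg.extraConfig` is now emitted inside the trailing `Host *` block, so global directives a user placed there no longer take precedence over `matchBlocks`. ssh_config keeps the first value obtained for each option, so a hardening line such as `StrictHostKeyChecking yes` in extraConfig silently changes from an enforced setting into a default that any match block can replace. The news entry in the other file section speaks only of options set through the module, so I would name extraConfig there and in its option description, for example `Extra configuration, written into the final "Host *" block; use extraOptionOverrides for settings that must hold for every host.` The `extraOptionOverrides` description should likewise say that its entries are written verbatim as `"${n} ${v}"` ahead of every Host block, so an option set there (ForwardAgent, say) cannot be narrowed per host.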