mirror of https://github.com/nix-community/home-manager synced 2024-11-30 06:59:45 +01:00

ssh: Allow forwardAgent to be set to null

Allow the option to not explicitly set `ForwardAgent` in the `Host *`
block for instances where `CanonicalizeHostname` is enabled and the file
is parsed twice.
Chris Moultrie 2024-11-05 19:41:35 -05:00
parent 8f6ca7855d
commit 775f23f1d8
4 changed files with 45 additions and 2 deletions


@ -351,7 +351,7 @@ in {
forwardAgent = mkOption { forwardAgent = mkOption {
default = false; default = false;
type = types.bool; type = types.nullOr types.bool;
description = '' description = ''
Whether the connection to the authentication agent (if any) Whether the connection to the authentication agent (if any)
will be forwarded to the remote machine. will be forwarded to the remote machine.
@ -533,7 +533,10 @@ in {
'') ++ (map (block: matchBlockStr block.name block.data) matchBlocks))} '') ++ (map (block: matchBlockStr block.name block.data) matchBlocks))}
Host * Host *
ForwardAgent ${lib.hm.booleans.yesNo cfg.forwardAgent} ${
optionalString (cfg.forwardAgent != null)
"ForwardAgent ${lib.hm.booleans.yesNo cfg.forwardAgent}"
}
AddKeysToAgent ${cfg.addKeysToAgent} AddKeysToAgent ${cfg.addKeysToAgent}
Compression ${lib.hm.booleans.yesNo cfg.compression} Compression ${lib.hm.booleans.yesNo cfg.compression}
ServerAliveInterval ${toString cfg.serverAliveInterval} ServerAliveInterval ${toString cfg.serverAliveInterval}
@ -554,3 +557,4 @@ in {
cfg.matchBlocks); cfg.matchBlocks);
}; };
} }
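Review bot: The `description` of `forwardAgent` in the first hunk is not updated, so nothing tells a user what `null` means now that the type is `types.nullOr types.bool`. With `null`, the second hunk writes no `ForwardAgent` line into `Host *`, so the effective value comes from whichever other source ssh reads first: an earlier matching block, the system-wide ssh_config, or OpenSSH's built-in default of `no`. Because a forwarded agent can be used by anyone with sufficient privileges on the remote host, I would state this in the description, for example `If null, no ForwardAgent line is written to the Host * block and the value from another matching block or the system configuration applies.` The description text continues outside the hunk, so the sentence may need merging with wording not visible here.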


@ -3,6 +3,7 @@
ssh-includes = ./includes.nix; ssh-includes = ./includes.nix;
ssh-match-blocks = ./match-blocks-attrs.nix; ssh-match-blocks = ./match-blocks-attrs.nix;
ssh-match-blocks-match-and-hosts = ./match-blocks-match-and-hosts.nix; ssh-match-blocks-match-and-hosts = ./match-blocks-match-and-hosts.nix;
ssh-forwardAgent-null-config = ./forwardAgent-null-config.nix;
ssh-forwards-dynamic-valid-bind-no-asserts = ssh-forwards-dynamic-valid-bind-no-asserts =
./forwards-dynamic-valid-bind-no-asserts.nix; ./forwards-dynamic-valid-bind-no-asserts.nix;


@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
programs.ssh = {
enable = true;
forwardAgent = null;
};
home.file.assertions.text = builtins.toJSON
(map (a: a.message) (filter (a: !a.assertion) config.assertions));
nmt.script = ''
assertFileExists home-files/.ssh/config
assertFileContent home-files/.ssh/config ${
./forwardAgent-null-expected.conf
}
assertFileContent home-files/assertions ${./no-assertions.json}
'';
};
}


@ -0,0 +1,15 @@
Host *
AddKeysToAgent no
Compression no
ServerAliveInterval 0
ServerAliveCountMax 3
HashKnownHosts no
UserKnownHostsFile ~/.ssh/known_hosts
ControlMaster no
ControlPath ~/.ssh/master-%r@%n:%p
ControlPersist no