From eec78fbd1e1af465d6de4cf13d7e3c7101bb671d Mon Sep 17 00:00:00 2001
From: Robert Helgesson <robert@rycee.net>
Date: Tue, 19 Mar 2019 22:35:13 +0100
Subject: [PATCH] ssh: support multiple identity files in a match block

Fixes #625
---
 modules/programs/ssh.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/modules/programs/ssh.nix b/modules/programs/ssh.nix
index d888a04ec..bf6677cd9 100644
--- a/modules/programs/ssh.nix
+++ b/modules/programs/ssh.nix
@@ -66,10 +66,15 @@ let
       };
 
       identityFile = mkOption {
-        type = types.nullOr types.str;
-        default = null;
+        type = with types; either (listOf str) (nullOr str);
+        default = [];
+        apply = p:
+          if p == null then []
+          else if isString p then [p]
+          else p;
         description = ''
-          Specifies a file from which the user identity is read.
+          Specifies files from which the user identity is read.
+          Identities will be tried in the given order.
         '';
       };
 
@@ -165,7 +170,6 @@ let
     ++ optional cf.forwardX11Trusted         "  ForwardX11Trusted yes"
     ++ optional cf.identitiesOnly            "  IdentitiesOnly yes"
     ++ optional (cf.user != null)            "  User ${cf.user}"
-    ++ optional (cf.identityFile != null)    "  IdentityFile ${cf.identityFile}"
     ++ optional (cf.certificateFile != null) "  CertificateFile ${cf.certificateFile}"
     ++ optional (cf.hostname != null)        "  HostName ${cf.hostname}"
     ++ optional (cf.addressFamily != null)   "  AddressFamily ${cf.addressFamily}"
@@ -176,6 +180,7 @@ let
     ++ optional (!cf.checkHostIP)            "  CheckHostIP no"
     ++ optional (cf.proxyCommand != null)    "  ProxyCommand ${cf.proxyCommand}"
     ++ optional (cf.proxyJump != null)       "  ProxyJump ${cf.proxyJump}"
+    ++ map (file: "  IdentityFile ${file}") cf.identityFile
     ++ mapAttrsToList (n: v: "  ${n} ${v}") cf.extraOptions
   );