openssh known hosts: ignore hosts without aliases
parent
9b37b535f4
commit
faf453da0b
@ -138,41 +138,54 @@ let
|
|||||||
let inherit (config.krebs.build.host.ssh) privkey; in
|
let inherit (config.krebs.build.host.ssh) privkey; in
|
||||||
mkIf (privkey != null) [privkey];
|
mkIf (privkey != null) [privkey];
|
||||||
|
|
||||||
# TODO use imports for merging
|
|
||||||
services.openssh.knownHosts =
|
services.openssh.knownHosts =
|
||||||
(let inherit (config.krebs.build.host.ssh) pubkey; in
|
filterAttrs
|
||||||
optionalAttrs (pubkey != null) {
|
(knownHostName: knownHost:
|
||||||
localhost = {
|
knownHost.publicKey != null &&
|
||||||
hostNames = ["localhost" "127.0.0.1" "::1"];
|
knownHost.hostNames != []
|
||||||
publicKey = pubkey;
|
)
|
||||||
};
|
(mapAttrs
|
||||||
})
|
(hostName: host: {
|
||||||
//
|
|
||||||
mapAttrs
|
|
||||||
(name: host: {
|
|
||||||
hostNames =
|
hostNames =
|
||||||
concatLists
|
concatLists
|
||||||
(mapAttrsToList
|
(mapAttrsToList
|
||||||
(net-name: net:
|
(netName: net:
|
||||||
let
|
let
|
||||||
longs = net.aliases;
|
aliases =
|
||||||
shorts =
|
concatLists [
|
||||||
|
shortAliases
|
||||||
|
net.aliases
|
||||||
|
net.addrs
|
||||||
|
];
|
||||||
|
shortAliases =
|
||||||
optionals
|
optionals
|
||||||
(cfg.dns.search-domain != null)
|
(cfg.dns.search-domain != null)
|
||||||
(map (removeSuffix ".${cfg.dns.search-domain}")
|
(map (removeSuffix ".${cfg.dns.search-domain}")
|
||||||
(filter (hasSuffix ".${cfg.dns.search-domain}")
|
(filter (hasSuffix ".${cfg.dns.search-domain}")
|
||||||
longs));
|
net.aliases));
|
||||||
add-port = a:
|
addPort = alias:
|
||||||
if net.ssh.port != 22
|
if net.ssh.port != 22
|
||||||
then "[${a}]:${toString net.ssh.port}"
|
then "[${alias}]:${toString net.ssh.port}"
|
||||||
else a;
|
else alias;
|
||||||
in
|
in
|
||||||
map add-port (shorts ++ longs ++ net.addrs))
|
map addPort aliases
|
||||||
|
)
|
||||||
host.nets);
|
host.nets);
|
||||||
|
|
||||||
publicKey = host.ssh.pubkey;
|
publicKey = host.ssh.pubkey;
|
||||||
})
|
})
|
||||||
(filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
|
(foldl' mergeAttrs {} [
|
||||||
|
cfg.hosts
|
||||||
|
{
|
||||||
|
localhost = {
|
||||||
|
nets.local = {
|
||||||
|
addrs = [ "127.0.0.1" "::1" ];
|
||||||
|
aliases = [ "localhost" ];
|
||||||
|
ssh.port = 22;
|
||||||
|
};
|
||||||
|
ssh.pubkey = config.krebs.build.host.ssh.pubkey;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
]));
|
||||||
|
|
||||||
programs.ssh.extraConfig = concatMapStrings
|
programs.ssh.extraConfig = concatMapStrings
|
||||||
(net: ''
|
(net: ''
|
||||||
|
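Review bot: The new `filterAttrs` predicate (`knownHost.publicKey != null && knownHost.hostNames != []`) drops hosts silently, and nothing in the hunk says why or what that means for the client. A host removed here gets no pinned key in the generated known-hosts set, so connections to it presumably fall back to whatever `StrictHostKeyChecking` policy the client has; I would state that above the filter, e.g. `# skip hosts with no key or no names/addrs: they cannot form a known_hosts entry and stay unpinned`. The predicate tests the combined list (short aliases, `net.aliases` and `net.addrs`), so a host with addresses but no aliases is still kept, which is wider than the commit title suggests. Separately, assuming `mergeAttrs` is the right-biased one from nixpkgs `lib`, `foldl' mergeAttrs {} [ cfg.hosts { localhost = … } ]` lets the synthetic `localhost` replace any `cfg.hosts.localhost`, whereas the old `… // mapAttrs …` ordering let the configured host win; if the flip is intended, a one-line comment would record it. The enclosing `let` expression starts and ends outside the hunk.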