diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 03ef4e69ca47..9a7b16b464b2 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -544,6 +544,15 @@
usage in non-X11 environments, e.g. Wayland.
+
+
+ programs.ssh.knownHosts
+ has gained an extraHostNames option to
+ replace hostNames.
+ hostNames is deprecated, but still
+ available for now.
+
+
The services.stubby module was converted to
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 7dc8fc1488d5..747fcacff10b 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -190,6 +190,9 @@ In addition to numerous new and upgraded packages, this release has the followin
`services.xserver.enable`. This allows easy usage in non-X11 environments,
e.g. Wayland.
+- [programs.ssh.knownHosts](#opt-programs.ssh.knownHosts) has gained an `extraHostNames`
+ option to replace `hostNames`. `hostNames` is deprecated, but still available for now.
+
- The `services.stubby` module was converted to a [settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
- The option `services.duplicati.dataDir` has been added to allow changing the location of duplicati's files.
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 35380f864208..b31fce915240 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -17,7 +17,7 @@ let
exec ${askPassword} "$@"
'';
- knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
+ knownHosts = attrValues cfg.knownHosts;
knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
@@ -142,7 +142,7 @@ in
knownHosts = mkOption {
default = {};
- type = types.attrsOf (types.submodule ({ name, ... }: {
+ type = types.attrsOf (types.submodule ({ name, config, options, ... }: {
options = {
certAuthority = mkOption {
type = types.bool;
@@ -154,12 +154,22 @@ in
};
hostNames = mkOption {
type = types.listOf types.str;
- default = [];
+ default = [ name ] ++ config.extraHostNames;
+ defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
description = ''
+ DEPRECATED, please use extraHostNames.
A list of host names and/or IP numbers used for accessing
the host's ssh service.
'';
};
+ extraHostNames = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ A list of additional host names and/or IP numbers used for
+ accessing the host's ssh service.
+ '';
+ };
publicKey = mkOption {
default = null;
type = types.nullOr types.str;
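Review bot: The `defaultText` added for `hostNames` renders the attribute name without quotes, so the manual shows a list containing a bare identifier rather than the string the real default `[ name ] ++ config.extraHostNames` actually produces; writing it as `defaultText = literalExpression ''[ "${name}" ] ++ config.${options.extraHostNames}'';` keeps the documented default a valid Nix expression (the `${options.extraHostNames}` part already yields the full option path, which is the pattern used elsewhere in nixpkgs). The new `extraHostNames` description should also make explicit that the entry's attribute name is always emitted as a host pattern in the generated known_hosts, since that is what the `hostNames` default does and there is no non-deprecated way to leave it out: `The attribute name of this entry is always used as the first host name; list here any further names or IP addresses the same host key should be pinned for.` The `hostNames` description could likewise say that setting it replaces the default and therefore discards `extraHostNames`. The enclosing `knownHosts` submodule starts and ends outside this hunk.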
@@ -186,9 +196,6 @@ in
'';
};
};
- config = {
- hostNames = mkDefault [ name ];
- };
}));
description = ''
The set of system-wide known SSH hosts.
@@ -196,13 +203,10 @@ in
example = literalExpression ''
{
myhost = {
- hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
+ extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
};
- myhost2 = {
- hostNames = [ "myhost2" ];
- publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
- };
+ "myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
}
'';
};
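Review bot: The rewritten `myhost` example still points at `./pubkeys/myhost_ssh_host_dsa_key.pub`, so the updated documentation example pins a DSA host key, which OpenSSH has refused to use by default for years and which is a poor thing to show next to the new ed25519 `myhost2.net` entry; while the example is being touched, `publicKeyFile = ./pubkeys/myhost_ssh_host_ed25519_key.pub;` would match current practice. It would also help to show the relationship between the two forms in the example itself, e.g. a comment above `myhost`: `# "myhost" is taken from the attribute name; extraHostNames adds the aliases`. The `knownHosts` option this example belongs to starts outside the hunk.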
@@ -275,6 +279,9 @@ in
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
});
+ warnings = mapAttrsToList (name: _: ''programs.ssh.knownHosts.${name}.hostNames is deprecated, use programs.ssh.knownHosts.${name}.extraHostNames'')
+ (filterAttrs (name: {hostNames, extraHostNames, ...}: hostNames != [ name ] ++ extraHostNames) cfg.knownHosts);
+
# SSH configuration. Slight duplication of the sshd_config
# generation in the sshd service.
environment.etc."ssh/ssh_config".text =
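Review bot: The deprecation warning does not tell the user that an explicitly set `hostNames` replaces the default which is the only place `extraHostNames` is merged in, so an entry that sets both ends up with the `extraHostNames` silently absent from the generated known_hosts; for an SSH host-key pin that is a quiet downgrade to the usual prompt/TOFU behaviour for the missing names, which is easy to overlook in a warning. At minimum the message should say so, e.g. `''programs.ssh.knownHosts.${name}.hostNames is deprecated, use programs.ssh.knownHosts.${name}.extraHostNames (any extraHostNames on this entry are ignored while hostNames is set)''`; a stronger option is an assertion that rejects an entry defining both, which I would add next to the existing publicKey/publicKeyFile assertion whose tail is visible above this hunk. The `hostNames != [ name ] ++ extraHostNames` test itself is fine, since `++` binds tighter than `!=` in Nix, but the explicit-definition case is the one worth checking in a NixOS test.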