diff options
author | lassulus <lassulus@lassul.us> | 2022-09-19 11:24:47 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2022-09-19 11:24:47 +0200 |
commit | 68bae0b2219d9f8621738062ef9db1703f6e8ca9 (patch) | |
tree | 3ff0ee80d273d4ba22e7957e8bfbab9849b87738 /krebs/3modules/default.nix | |
parent | e5aa44907512f0ba97def7549e199d365ff29db6 (diff) | |
parent | d76cf33d1f000389558da8c8f5e17db966b8a5a7 (diff) |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'krebs/3modules/default.nix')
-rw-r--r-- | krebs/3modules/default.nix | 81 |
1 files changed, 47 insertions, 34 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8ea727dc7..7f0070483 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -138,41 +138,54 @@ let let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) [privkey]; - # TODO use imports for merging services.openssh.knownHosts = - (let inherit (config.krebs.build.host.ssh) pubkey; in - optionalAttrs (pubkey != null) { - localhost = { - hostNames = ["localhost" "127.0.0.1" "::1"]; - publicKey = pubkey; - }; - }) - // - mapAttrs - (name: host: { - hostNames = - concatLists - (mapAttrsToList - (net-name: net: - let - longs = net.aliases; - shorts = - optionals - (cfg.dns.search-domain != null) - (map (removeSuffix ".${cfg.dns.search-domain}") - (filter (hasSuffix ".${cfg.dns.search-domain}") - longs)); - add-port = a: - if net.ssh.port != 22 - then "[${a}]:${toString net.ssh.port}" - else a; - in - map add-port (shorts ++ longs ++ net.addrs)) - host.nets); - - publicKey = host.ssh.pubkey; - }) - (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts); + filterAttrs + (knownHostName: knownHost: + knownHost.publicKey != null && + knownHost.hostNames != [] + ) + (mapAttrs + (hostName: host: { + hostNames = + concatLists + (mapAttrsToList + (netName: net: + let + aliases = + concatLists [ + shortAliases + net.aliases + net.addrs + ]; + shortAliases = + optionals + (cfg.dns.search-domain != null) + (map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") + net.aliases)); + addPort = alias: + if net.ssh.port != 22 + then "[${alias}]:${toString net.ssh.port}" + else alias; + in + map addPort aliases + ) + host.nets); + publicKey = host.ssh.pubkey; + }) + (foldl' mergeAttrs {} [ + cfg.hosts + { + localhost = { + nets.local = { + addrs = [ "127.0.0.1" "::1" ]; + aliases = [ "localhost" ]; + ssh.port = 22; + }; + ssh.pubkey = config.krebs.build.host.ssh.pubkey; + }; + } + ])); programs.ssh.extraConfig = concatMapStrings (net: '' |