ssh: add includes option (#2453)

2021-11-16 19:51:10 +01:00 · 2021-11-16 19:51:10 +01:00 · 5559ef0023
parent 42915b78af
commit 5559ef0023
6 changed files with 38 additions and 13 deletions
--- a/modules/programs/ssh.nix
+++ b/modules/programs/ssh.nix
@ -414,6 +414,22 @@ in
      '';
    };

+    includes = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        File globs of ssh config files that should be included via the
+        <literal>Include</literal> directive.
+        </para><para>
+        See
+        <citerefentry>
+          <refentrytitle>ssh_config</refentrytitle>
+          <manvolnum>5</manvolnum>
+        </citerefentry>
+        for more information.
+      '';
+    };
+
    matchBlocks = mkOption {
      type = hm.types.listOrDagOf matchBlockModule;
      default = {};
@ -474,9 +490,12 @@ in
          else abort "Dependency cycle in SSH match blocks: ${sortedMatchBlocksStr}";
      in ''
      ${concatStringsSep "\n" (
-        mapAttrsToList (n: v: "${n} ${v}") cfg.extraOptionOverrides)}
-
-      ${concatStringsSep "\n\n" (map (block: matchBlockStr block.data) matchBlocks)}
+        (mapAttrsToList (n: v: "${n} ${v}") cfg.extraOptionOverrides)
+        ++ (optional (cfg.includes != [ ]) ''
+          Include ${concatStringsSep " " cfg.includes}
+        '')
+        ++ (map (block: matchBlockStr block.data) matchBlocks)
+      )}

      Host *
        ForwardAgent ${yn cfg.forwardAgent}
--- a/tests/modules/programs/ssh/default-config-expected.conf
+++ b/tests/modules/programs/ssh/default-config-expected.conf
@ -1,7 +1,5 @@


-
-
 Host *
  ForwardAgent no
  Compression no
--- a/tests/modules/programs/ssh/default.nix
+++ b/tests/modules/programs/ssh/default.nix
@ -1,5 +1,6 @@
 {
  ssh-defaults = ./default-config.nix;
+  ssh-includes = ./includes.nix;
  ssh-match-blocks = ./match-blocks-attrs.nix;

  ssh-forwards-dynamic-valid-bind-no-asserts =
--- a/tests/modules/programs/ssh/forwards-dynamic-valid-bind-no-asserts-expected.conf
+++ b/tests/modules/programs/ssh/forwards-dynamic-valid-bind-no-asserts-expected.conf
@ -1,8 +1,5 @@
-
-
 Host dynamicBindAddressWithPort
  DynamicForward [127.0.0.1]:3000
-
 Host dynamicBindPathNoPort
  DynamicForward /run/user/1000/gnupg/S.gpg-agent.extra

--- a/tests/modules/programs/ssh/includes.nix
+++ b/tests/modules/programs/ssh/includes.nix
@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = {
+    programs.ssh = {
+      enable = true;
+      includes = [ "config.d/*" "other/dir" ];
+    };
+
+    nmt.script = ''
+      assertFileExists home-files/.ssh/config
+      assertFileContains home-files/.ssh/config "Include config.d/* other/dir"
+    '';
+  };
+}
--- a/tests/modules/programs/ssh/match-blocks-attrs-expected.conf
+++ b/tests/modules/programs/ssh/match-blocks-attrs-expected.conf
@ -1,13 +1,9 @@
-
-
 Host * !github.com
  Port 516
  IdentityFile file1
  IdentityFile file2
-
 Host abc
  ProxyJump jump-host
-
 Host xyz
  ServerAliveInterval 60
  ServerAliveCountMax 10
@ -16,7 +12,6 @@ Host xyz
  RemoteForward [localhost]:8081 [10.0.0.2]:80
  RemoteForward /run/user/1000/gnupg/S.gpg-agent.extra /run/user/1000/gnupg/S.gpg-agent
  DynamicForward [localhost]:2839
-
 Host ordered
  Port 1