Commit graph

28 commits

Author SHA1 Message Date
Jakub Fišer 1bdbebc3f8
ssh: add generic Match support for matchBlocks (#2992)
* ssh: add generic Match support for matchBlocks

Introduce conservative support for actual `Match`
blocks in ssh config.

"Conservative" means this PR doesn't try to process
the `match` expression and simply uses it as a string
provided by the user.

If set, `match` has precedence over `host` meaning
if both are set, `match` is used and `host` is ignored.

* Add news entry
2022-11-27 16:15:32 +01:00
Sumner Evans f911ebbec9
lib.booleans: add yesNo function (#2818)
Closes #2772
2022-04-07 22:36:13 -06:00
Tobias Happ 5559ef0023
ssh: add includes option (#2453) 2021-11-16 11:51:10 -07:00
Naïm Favier bd11e2c5e6
Replace usage of literalExample
Instead use the new function `literalExpression`. See

  https://github.com/NixOS/nixpkgs/pull/136909
2021-10-13 00:16:10 +02:00
Tad Fisher 18ad12d52b
programs.ssh: Use nullable types for optional forward attrs (#1946)
Attempting to build a flake configuration using `ssh.remoteForwards' results in
evaluation errors when `port' is undefined, as `!(entry ? port)' evaluates to
false. This was verified in the nix repl, and also occurs for `nix flake
check'.

Set optional attrs in `bindOptions' and `forwardModule' to `null' by default
and adjust the assertion to check for `null' instead of attr definitions.
2021-04-27 17:16:33 -04:00
Damien Cassou a21c97d011
ssh: add support for ServerAliveCountMax
PR #1299
2020-06-03 23:16:43 +02:00
Robert Helgesson 022228e0aa
ssh: switch type of matchBlocks to listOrDagOf
This switches the type of `matchBlocks` from `loaOf` to `listOrDagOf`.
The former has been deprecated in Nixpkgs. The latter allows
dependencies between entries to be expressed using the DAG functions.
2020-04-13 23:24:40 +02:00
Ashish SHUKLA 805d82e1be
ssh: make certificateFile similar to identityFile
PR #998
2020-01-21 21:10:11 +01:00
David Wood e8dbc35613
ssh: sockets forwards; remote and dynamic forwards
This commit adds support for forwarding paths rather than just
addresses/ports. It also adds options for specifying remote and
dynamic forwards.
2019-10-02 20:42:29 +02:00
Tobias Happ 0e871b490e
ssh: add localForwards option for matchBlocks 2019-08-20 12:11:00 +02:00
Robert Helgesson ed4f66185f
Use types.port where applicable
This changes the type of all options that specify ports to
`types.port`. This type restricts values to between 0 and 65535.
2019-08-19 20:37:48 +02:00
Robert Helgesson eec78fbd1e
ssh: support multiple identity files in a match block
Fixes #625
2019-03-19 22:35:13 +01:00
John Wiegley 3cf8b9ea86
ssh: add proxyJump option 2019-01-15 22:31:08 +01:00
dsx 6ce3ce69b9
ssh: add addressFamily option 2018-12-05 00:24:34 +01:00
Robert Helgesson 6826521ec5
ssh: add certificateFile option 2018-12-05 00:19:40 +01:00
Robert Helgesson 5fe62660aa
ssh: realign options 2018-12-05 00:14:15 +01:00
zimbatm 40b279e3a3
ssh: tweak default controlPath
Instead of using the hostname `%h`, which can be changed by the
~/.ssh/config file, use the commandline-given hostname `%n`.

This allows aliasing a host with different hostnames, which then point
to different configurations. A common use-case for this is if you have
multiple accounts on github with each access to different private repos:

    Host github.com
      IdentitiesOnly yes
      User git
      IdentityFile ~/.ssh/id_rsa

    Host customer.github.com
      IdentitiesOnly yes
      User git
      IdentityFile ~/.ssh/customer
      HostName github.com

Without this change, if a connection was established with the first
github.com alias, then the user would try to pull a repo from the second
account, ssh would re-use the SSH connection which doesn't have access
to that repository.
2018-11-30 00:13:50 +01:00
zimbatm 456e2d7ed5
ssh: add more options 2018-11-25 22:46:06 +01:00
Robert Helgesson 4205c91609
ssh: move options to end of configuration file
This is needed to support overriding these options inside match
blocks. A new option `programs.ssh.extraOptionOverrides` has been
added to allow global overrides.
2018-03-25 08:51:20 +02:00
Robert Helgesson 32b3f7f2d2
ssh: allow disabling compression in host block
Fixes #181.
2018-01-14 22:08:31 +01:00
John Wiegley b8b595c6b2
ssh: add a few more options 2018-01-13 12:47:30 +01:00
Nadrieril d6ab6ee370
ssh: add extraConfig option for non-standard options 2018-01-10 22:24:03 +01:00
Robert Helgesson a8e08d14bb
Mark rycee as maintainer for a bunch of modules 2017-09-26 23:40:31 +02:00
Silvan Mosberger fc1d4f5362
ssh: allow attrset matchBlock 2017-09-12 08:54:18 +02:00
Robert Helgesson be432c8654
ssh: add control persist option 2017-07-29 17:47:18 +02:00
Robert Helgesson ecf7d91d8b
ssh: use types.str instead of types.string
The `types.string` type is deprecated due to its surprising behavior.
2017-05-13 12:23:59 +02:00
Robert Helgesson 961722c3a8
ssh: add proxy command option 2017-05-13 12:08:09 +02:00
Christopher League bce262e46e
ssh: add programs.ssh module
This module generates a `.ssh/config` file. This doesn't embed _all_
options for the ssh client, but the most common ones should be there.

Example usage:

```nix
  programs.ssh = {
    enable = true;
    forwardAgent = true;
    controlMaster = "auto";
    matchBlocks = [
      {
        host = "something.blah.edu";
        port = 1024;
        user = "cleague";
        identitiesOnly = true;
      }
      {
        host = "host1 host2 host2.net host2.com";
        port = 7422;
        hostname = "example.com";
        serverAliveInterval = 60;
      }
      {
        host = "lucian";
        forwardX11 = true;
        forwardX11Trusted = true;
        checkHostIP = false;
      }
    ];
  };
```

Each entry in `programs.ssh.matchBlocks` must contain a `host` field,
which will be used for the block condition.
2017-05-13 11:41:38 +02:00