nixpkgs-suyu/nixos/modules/services
Maximilian Bosch 00a5222499
nixos/sshd: validate ssh configs during build
With `sshd -t`, config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).

When deploying broken ssh config with nixops to a remote machine, it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.

This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.

The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder to screw that up; however, that made the module
far more complex, and config should be described in an easier way as
described in NixOS/rfcs#42.
2019-05-24 20:16:53 +02:00
admin salt: Restart on config changes 2018-10-15 19:59:25 -07:00
amqp rabbitmq module: Update documentation after proofreading 2018-11-03 19:19:04 +01:00
audio Merge pull request #55936 from tobim/modules/snapserver 2019-03-07 00:00:48 +01:00
backup nixos/duplicity: init 2019-02-03 19:13:01 +01:00
cluster nixos/kubernetes: add dns addonmanger reconcile mode option (#55834) 2019-03-09 12:57:41 +02:00
computing nixos/slurm: add extraConfigPaths options 2018-11-22 11:43:05 +01:00
continuous-integration buildbot: 1.8.1 -> 2.1.0 2019-03-22 18:43:15 -04:00
databases nixos/openldap: add new options 2019-04-01 17:24:33 +02:00
desktops nixos/pantheon/files: add meta.maintainers 2019-03-24 07:04:28 -04:00
development nixos/jupyter: wait for network.target 2018-11-06 20:40:20 +01:00
editors Treewide: use HTTPS on GNU domains 2018-12-02 15:51:59 +01:00
games nixos/mincraft-server: refactor 2019-02-03 02:16:11 +01:00
hardware dsseries: init at 1.0.5-1 2019-03-08 15:02:22 +00:00
logging nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
mail nixos/mailcatcher: init module for existing package 2019-03-27 09:15:47 -04:00
misc Merge pull request #58284 from bgamari/gitlab-rails 2019-03-28 21:12:15 +01:00
monitoring nixos/datadog-agent: change start command (#57871) 2019-03-18 13:31:04 -07:00
network-filesystems openafs: minor documentation fix 2019-02-26 14:49:59 -05:00
networking nixos/sshd: validate ssh configs during build 2019-05-24 20:16:53 +02:00
printing nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
scheduling nixos.cron: fix docstring sentence 2019-03-26 23:22:20 -04:00
search elasticsearch-curator: add top-level package using older click 2019-03-21 11:53:32 +01:00
security munge: fix module munge.key permissions from 0700 -> 0400 readonly 2019-01-30 12:53:54 -05:00
system Merge remote-tracking branch 'upstream/master' into staging 2018-12-16 22:55:06 +01:00
torrent nixos/transmission: Bug fix Appamor Transmission startup errors (#54873) 2019-01-31 17:51:48 +00:00
ttys nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
web-apps Merge branch 'master' into postgresql-socket-in-run 2019-03-25 01:06:59 +02:00
web-servers nixos/meguca: Add videoPaths, set postgresql version to 11 2019-03-23 01:19:29 -05:00
x11 nixos/colord: don't run as root 2019-03-29 20:56:06 -04:00