ssh: switch type of matchBlocks to listOrDagOf

This switches the type of `matchBlocks` from `loaOf` to `listOrDagOf`.
The former has been deprecated in Nixpkgs. The latter allows
dependencies between entries to be expressed using the DAG functions.
This commit is contained in:
Robert Helgesson 2020-04-13 22:02:08 +02:00
parent 8ad4bd6c1b
commit 022228e0aa
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
3 changed files with 26 additions and 11 deletions

View file

@ -56,7 +56,7 @@ let
};
};
matchBlockModule = types.submodule ({ name, ... }: {
matchBlockModule = types.submodule ({ dagName, ... }: {
options = {
host = mkOption {
type = types.str;
@ -266,7 +266,7 @@ let
};
};
config.host = mkDefault name;
config.host = mkDefault dagName;
});
matchBlockStr = cf: concatStringsSep "\n" (
@ -392,7 +392,7 @@ in
};
matchBlocks = mkOption {
type = types.loaOf matchBlockModule;
type = hm.types.listOrDagOf matchBlockModule;
default = {};
example = literalExample ''
{
@ -400,7 +400,7 @@ in
hostname = "example.com";
user = "john";
};
foo = {
foo = lib.hm.dag.entryBefore ["john.example.com"] {
hostname = "example.com";
identityFile = "/home/john/.ssh/foo_rsa";
};
@ -408,11 +408,15 @@ in
'';
description = ''
Specify per-host settings. Note, if the order of rules matter
then this must be a list. See
then use the DAG functions to express the dependencies as
shown in the example.
</para><para>
See
<citerefentry>
<refentrytitle>ssh_config</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>.
</citerefentry>
for more information.
'';
};
};
@ -432,18 +436,24 @@ in
checkLocal = block: any' checkBindAndHost block.localForwards;
checkRemote = block: any' checkBindAndHost block.remoteForwards;
checkMatchBlock = block: all (fn: fn block) [ checkLocal checkRemote checkDynamic ];
in any' checkMatchBlock (builtins.attrValues cfg.matchBlocks);
in any' checkMatchBlock (map (block: block.data) (builtins.attrValues cfg.matchBlocks));
message = "Forwarded paths cannot have ports.";
}
];
home.file.".ssh/config".text = ''
home.file.".ssh/config".text =
let
sortedMatchBlocks = hm.dag.topoSort cfg.matchBlocks;
sortedMatchBlocksStr = builtins.toJSON sortedMatchBlocks;
matchBlocks =
if sortedMatchBlocks ? result
then sortedMatchBlocks.result
else abort "Dependency cycle in SSH match blocks: ${sortedMatchBlocksStr}";
in ''
${concatStringsSep "\n" (
mapAttrsToList (n: v: "${n} ${v}") cfg.extraOptionOverrides)}
${concatStringsSep "\n\n" (
map matchBlockStr (
builtins.attrValues cfg.matchBlocks))}
${concatStringsSep "\n\n" (map (block: matchBlockStr block.data) matchBlocks)}
Host *
ForwardAgent ${yn cfg.forwardAgent}

View file

@ -16,6 +16,9 @@ Host xyz
RemoteForward /run/user/1000/gnupg/S.gpg-agent.extra /run/user/1000/gnupg/S.gpg-agent
DynamicForward [localhost]:2839
Host ordered
Port 1
Host *
ForwardAgent no
Compression no

View file

@ -12,6 +12,8 @@ with lib;
proxyJump = "jump-host";
};
ordered = hm.dag.entryAfter [ "xyz" ] { port = 1; };
xyz = {
identityFile = "file";
serverAliveInterval = 60;