profiles/common-ssh: Configure GlobalKnownHosts manually so we avoid import from derivation

profiles/desktop: Add gnome-decoder
2025-12-03 18:44:27 +01:00 · 2025-11-26 18:13:01 +01:00
3 changed files with 33 additions and 7 deletions
--- a/profiles/common-ssh/default.nix
+++ b/profiles/common-ssh/default.nix
@@ -2,13 +2,33 @@

 with lib;

-{
+let
+
+  cfg = config.profiles.clerie.common-ssh;
+
+  knownHostsFiles = [
+    "/etc/ssh/ssh_known_hosts"
+  ] ++ cfg.knownHostsFiles;
+
+in {

  options.profiles.clerie.common-ssh = {
    enable = mkEnableOption "Common ssh config";
+    knownHostsFiles = mkOption {
+      type = with types; listOf str;
+      default = [];
+      description = "List of paths to ssh known hosts files";
+    };
  };

-  config = mkIf config.profiles.clerie.common-ssh.enable {
+  config = mkIf cfg.enable {
+
+    assertions = [
+      {
+        assertion = config.programs.ssh.knownHostsFiles == [];
+        message = "profiles.clerie.common-ssh sets a custom set of global known hosts file that is incompatible with the settings from the official NixOS module, use profiles.clerie.common-ssh.knownHostsFiles instead";
+      }
+    ];

    services.openssh.enable = true;
    services.openssh.settings = {
@@ -21,11 +41,16 @@ with lib;
      { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
    ];

-    programs.ssh.knownHostsFiles = [
+    profiles.clerie.common-ssh.knownHostsFiles = [
      (pkgs.clerie-ssh-known-hosts + "/known_hosts")
      (pkgs.fem-ssh-known-hosts + "/known_hosts")
      (pkgs.well-known-ssh-known-hosts + "/known_hosts")
    ];

+    programs.ssh.extraConfig = ''
+      Host *
+      GlobalKnownHostsFile ${builtins.concatStringsSep " " knownHostsFiles}
+    '';
+
  };
 }
--- a/profiles/desktop/gnome.nix
+++ b/profiles/desktop/gnome.nix
@@ -34,6 +34,7 @@ with lib;
      evolution
      gnome-terminal
      gnome-tweaks
+      gnome-decoder # scan qr codes
    ];

    services.gnome.evolution-data-server.enable = true;
--- a/profiles/hetzner-storage-box-client/default.nix
+++ b/profiles/hetzner-storage-box-client/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:

 with lib;

@@ -10,9 +10,9 @@ with lib;

  config = mkIf config.profiles.clerie.hetzner-storage-box-client.enable {

-   programs.ssh.knownHostsFiles = [
-     ./hetzner-storage-box-ssh_known_hosts
-   ];
+    profiles.clerie.common-ssh.knownHostsFiles = [
+      (pkgs.copyPathToStore ./hetzner-storage-box-ssh_known_hosts)
+    ];

 };
Author	SHA1	Message	Date
clerie	90636b14b5	profiles/common-ssh: Configure GlobalKnownHosts manually so we avoid import from derivation	2025-12-03 18:44:27 +01:00
clerie	cfe26d87c3	profiles/desktop: Add gnome-decoder	2025-11-26 18:13:01 +01:00