Skip to content

nixos: nix.sshServe: add trusted option #401132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
numinit merged 1 commit into from
Apr 24, 2025
Merged

nixos: nix.sshServe: add trusted option #401132

numinit merged 1 commit into from
Apr 24, 2025

Conversation

@MatthewCroughan
Copy link
Contributor

@MatthewCroughan MatthewCroughan commented Apr 23, 2025
edited by numinit
Loading

Things done

It has become annoying enough to do the following config all the time, instead of allowing it to be in the sshServe option directly, that I thought I'd make a PR for it.

Before this change

  nix = {
    settings.trusted-users = [ "nix-ssh" ];
    sshServe = {
      protocol = "ssh-ng";
      enable = true;
      write = true;
      keys = [
        "ssh-ed25519 AAAAC3NzaC16"
      ];
    };
  };

After this change

  nix = {
    sshServe = {
      protocol = "ssh-ng";
      enable = true;
      write = true;
      trusted = true;
      keys = [
        "ssh-ed25519 AAAAC3NzaC16"
      ];
    };
  };
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Apr 23, 2025
@ofborg ofborg bot added the ofborg-internal-error Ofborg encountered an error label Apr 23, 2025
@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Apr 23, 2025
@aprilthepink
Copy link
Contributor

aprilthepink commented Apr 23, 2025

@ofborg eval

@ofborg ofborg bot removed the ofborg-internal-error Ofborg encountered an error label Apr 23, 2025
numinit
numinit reviewed Apr 23, 2025
View reviewed changes
@aprilthepink aprilthepink added the 12.approvals: 1 This PR was reviewed and approved by one person. label Apr 23, 2025
@wegank wegank added 12.approvals: 2 This PR was reviewed and approved by two persons. and removed 12.approvals: 1 This PR was reviewed and approved by one person. labels Apr 23, 2025
@numinit
Copy link
Contributor

numinit commented Apr 24, 2025

Seems like a pretty unambiguously convenient change. Thank you!

@numinit numinit merged commit 0b67119 into NixOS:master Apr 24, 2025
49 of 52 checks passed
@MatthewCroughan MatthewCroughan deleted the ssh-serve-trusted branch April 24, 2025 00:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@numinit numinit numinit approved these changes

+1 more reviewer

@aprilthepink aprilthepink aprilthepink approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 2 This PR was reviewed and approved by two persons.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@MatthewCroughan @aprilthepink @numinit @wegank