modules/sshd: print the offending keys when we detect duplicate sshd keys.

2024-09-23 13:48:21 +03:00 · 2023-05-29 10:40:36 +02:00 · 2023-05-29 10:40:36 +02:00 · 2b63df0a03
commit 2b63df0a03
parent 20cb596dd4
1 changed files with 16 additions and 4 deletions
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@ -570,14 +570,26 @@ in

    assertions = [{ assertion = if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true;
                    message = "cannot enable X11 forwarding without setting xauth location";}
-                  { assertion = lib.lists.unique (map (x: lib.strings.toLower x) (attrNames cfg.settings))
-                      == (map (x: lib.strings.toLower x) (attrNames cfg.settings));
-                    message = "Duplicate sshd config key; does your capitalization match the option's?"; } ]
+                  (let
+                    duplicates =
+                      # Filter out the groups with more than 1 element
+                      lib.filter (l: lib.length l > 1) (
+                        # Grab the groups, we don't care about the group identifiers
+                        lib.attrValues (
+                          # Group the settings that are the same in lower case
+                          lib.groupBy lib.strings.toLower (attrNames cfg.settings)
+                        )
+                      );
+                    formattedDuplicates = lib.concatMapStringsSep ", " (dupl: "(${lib.concatStringsSep ", " dupl})") duplicates;
+                  in
+                  {
+                    assertion = lib.length duplicates == 0;
+                    message = ''Duplicate sshd config key; does your capitalization match the option's? Duplicate keys: ${formattedDuplicates}'';
+                  })]
      ++ forEach cfg.listenAddresses ({ addr, ... }: {
        assertion = addr != null;
        message = "addr must be specified in each listenAddresses entry";
      });
-
  };

 }