Merge pull request #318185 from tomfitzhenry/initrd-ssh-null-alg

nixos/initrd-ssh: set KexAlgorithms/Ciphers/MACs only if non-null
2024-10-06 12:39:54 +03:00 · 2024-06-25 23:21:33 +02:00 · 2024-06-25 23:21:33 +02:00 · 44b22d8d45
commit 44b22d8d45
parent 994692e08e 54332f47ce
1 changed files with 7 additions and 3 deletions
--- a/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixos/modules/system/boot/initrd-ssh.nix
@ -150,9 +150,13 @@ in
        HostKey ${initrdKeyPath path}
      '')}

-      KexAlgorithms ${concatStringsSep "," sshdCfg.settings.KexAlgorithms}
-      Ciphers ${concatStringsSep "," sshdCfg.settings.Ciphers}
-      MACs ${concatStringsSep "," sshdCfg.settings.Macs}
+      '' + lib.optionalString (sshdCfg.settings.KexAlgorithms != null) ''
+        KexAlgorithms ${concatStringsSep "," sshdCfg.settings.KexAlgorithms}
+      '' + lib.optionalString (sshdCfg.settings.Ciphers != null) ''
+        Ciphers ${concatStringsSep "," sshdCfg.settings.Ciphers}
+      '' + lib.optionalString (sshdCfg.settings.Macs != null) ''
+        MACs ${concatStringsSep "," sshdCfg.settings.Macs}
+      '' + ''

      LogLevel ${sshdCfg.settings.LogLevel}