sshd: fix crash: attribute 'openssh-cert' missing

2025-10-16 16:30:56 +07:00
parent b7013dc795
commit 4c7699b205
3 changed files with 54 additions and 3 deletions
--- a/clanServices/sshd/default.nix
+++ b/clanServices/sshd/default.nix
@@ -180,8 +180,9 @@
              settings.PasswordAuthentication = false;

              settings.HostCertificate = lib.mkIf (
-                config.clan.core.vars.generators.openssh-cert.files."ssh.id_ed25519-cert.pub".exists
-                && settings.certificate.searchDomains != [ ]
+                # this check needs to go first, as otherwise generators.openssh-cert does not exist
+                settings.certificate.searchDomains != [ ]
+                && config.clan.core.vars.generators.openssh-cert.files."ssh.id_ed25519-cert.pub".exists
              ) config.clan.core.vars.generators.openssh-cert.files."ssh.id_ed25519-cert.pub".path;

              hostKeys = [
--- a/clanServices/sshd/flake-module.nix
+++ b/clanServices/sshd/flake-module.nix
@@ -10,9 +10,14 @@ in
  perSystem =
    { ... }:
    {
-      clan.nixosTests.sshd = {
+      clan.nixosTests.service-sshd = {
        imports = [ ./tests/vm/default.nix ];

+        clan.modules."@clan/sshd" = module;
+      };
+      clan.nixosTests.service-sshd-no-search-domains = {
+        imports = [ ./tests/vm/no-search-domains.nix ];
+
        clan.modules."@clan/sshd" = module;
      };
    };
--- a/clanServices/sshd/tests/vm/no-search-domains.nix
+++ b/clanServices/sshd/tests/vm/no-search-domains.nix
@@ -0,0 +1,45 @@
+/*
+  This is a regression test for the following error:
+  error: attribute 'openssh-cert' missing
+  at /nix/store/y1k4bqwjql6bhlry456cs4marpamiqlr-source/clanServices/sshd/default.nix:184:17:
+    183|                 # this check needs to go first, as otherwise generators.openssh-cert does not exist
+    184|                 config.clan.core.vars.generators.openssh-cert.files."ssh.id_ed25519-cert.pub".exists
+        |                 ^
+    185|                 && settings.certificate.searchDomains != [ ]
+*/
+{
+  ...
+}:
+{
+  name = "service-sshd";
+
+  clan = {
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+      machines.client = { };
+
+      instances = {
+        sshd-test = {
+          module.name = "@clan/sshd";
+          module.input = "self";
+          roles.server.machines."server".settings = {
+            hostKeys.rsa.enable = true;
+          };
+          roles.client.machines."client".settings = {
+          };
+        };
+      };
+    };
+  };
+
+  nodes = {
+    server = { };
+    client = { };
+  };
+
+  testScript = ''
+    # don't do anything, just evaluate the machines
+    exit(0)
+  '';
+}