nixos/sshd: fix sshd.conf validity check

When using e.g. `{ addr = "[::]"; port = 22; }` at `listenAddresses`,
the check fails because of an escaping issue[1] with

    last 1 log lines:
    > Invalid test mode specification -f
    For full logs, run 'nix log /nix/store/c6pbpw5hjkjgipmarwyic9zyqr1xaix5-check-sshd-config.drv'

Using `lib.escapeShellArg` appears to solve the problem.

[1] https://github.com/NixOS/nixpkgs/pull/256090#issuecomment-1738063528
Maximilian Bosch 2023-09-27 22:59:13 +02:00 committed by Yt
parent 248a83fffc
commit e515dce892
2 changed files with 2 additions and 2 deletions

@ -583,7 +583,7 @@ in
(lport: "sshd -G -T -C lport=${toString lport} -f ${sshconf} > /dev/null")
cfg.ports}
${concatMapStringsSep "\n"
(la: "sshd -G -T -C laddr=${la.addr},lport=${toString la.port} -f ${sshconf} > /dev/null")
(la: "sshd -G -T -C ${escapeShellArg "laddr=${la.addr},lport=${toString la.port}"} -f ${sshconf} > /dev/null")
cfg.listenAddresses}
touch $out
'')
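Review bot: The newly escaped `-C` argument on the `cfg.listenAddresses` line has no comment explaining why it is quoted, and the reason is easy to lose in a later cleanup. A bracketed IPv6 address such as `[::]` is a glob pattern to the build shell, which presumably dropped the unmatched word and left `-C` consuming `-f`, giving the "Invalid test mode specification -f" error quoted in the commit message. I would add a comment next to the call along the lines of `# escapeShellArg: addrs like "[::]" are glob patterns to the shell and must reach sshd literally`. The `cfg.ports` line above and `-f ${sshconf}` are still interpolated unquoted; that looks safe only because they are an integer port and (as far as the hunk shows) a store path, so wrapping them the same way would keep the check robust if either ever becomes free-form. The check script starts outside the hunk.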

@ -57,7 +57,7 @@ in {
{
services.openssh = {
enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ];
enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } { addr = "[::]"; port = 22; } ];
extraConfig = ''
# Combined test for two (predictable) Match criterias
Match LocalAddress 127.0.0.1 LocalPort 22
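Review bot: The added `{ addr = "[::]"; port = 22; }` entry is there as a regression case for the config check, but nothing on the line says so, and it reads like an ordinary extra listener that could be trimmed later. A short comment above `listenAddresses`, e.g. `# "[::]" exercises shell escaping in the build-time sshd config check`, would tie it to the fix. From the visible lines the coverage is implicit: a regression shows up as a failure to build this node's configuration rather than as a failed assertion. The node definition continues outside the hunk, so a later part of the test may already probe the IPv6 listener.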