From e58bcb921bfd6e90b3e2d11a03ba32918a1cfad4 Mon Sep 17 00:00:00 2001
From: "Wael M. Nasreddine"
Date: Sun, 5 Apr 2020 19:48:56 -0700
Subject: programs.ssh: write ssh known_hosts only if there are any set
---
 modules/programs/ssh/default.nix | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'modules/programs/ssh')
diff --git a/modules/programs/ssh/default.nix b/modules/programs/ssh/default.nix
index 87978e6..5fc7415 100644
--- a/modules/programs/ssh/default.nix
+++ b/modules/programs/ssh/default.nix
@@ -151,12 +151,13 @@ in
 services.openssh.authorizedKeysFiles = [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
 environment.etc = authKeysFiles //
- { "ssh/ssh_known_hosts".text = (flip (concatMapStringsSep "\n") knownHosts
- (h: assert h.hostNames != [];
- concatStringsSep "," h.hostNames + " "
- + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
- )) + "\n";
-
+ { "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) {
+ text = (flip (concatMapStringsSep "\n") knownHosts
+ (h: assert h.hostNames != [];
+ concatStringsSep "," h.hostNames + " "
+ + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
+ )) + "\n";
+ };
 "ssh/sshd_config.d/101-authorized-keys.conf" = {
 text = "AuthorizedKeysFile ${toString config.services.openssh.authorizedKeysFiles}\n";
 # Allows us to automatically migrate from using a file to a symlink
--
cgit v1.2.3
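Review bot: The new `mkIf (builtins.length knownHosts > 0)` guard means that with no hosts declared `/etc/ssh/ssh_known_hosts` is no longer generated at all, and nothing in the hunk says what happens to a file already at that path; if one is left in place, ssh clients keep trusting the host keys in it even though the configuration declares none. A comment above the entry would make that explicit, e.g. `# Unmanaged when knownHosts is empty: an existing /etc/ssh/ssh_known_hosts is left as is and still trusted by ssh.` The condition would also read more like the `h.hostNames != []` assertion below it if written as `mkIf (knownHosts != [])`. The `environment.etc` attribute set continues past the end of the hunk.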