Catching invalid config options with types.strMatching

I want to make sure an ssh-key passed to a module is in a valid format. The following seems to have no effect.

publicKey = mkOption {
      type = types.strMatching "^ssh-(ed25519|rsa|dss|ecdsa) AAAA(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})( [^@]+@[^@]+)?$";
      default = "";
      description = ''
        Define the public SSH key for the main user of
        the machine. 

My naive expectation would be that this should result in an error, as the string starts with an x.

user = {
    publicKey = "xssh-ed25519 loremipsumdolorsitamet";

What am I missing?

Please bear with me, I am new to this :slight_smile:


Answering my own question: I hadn’t actually installed openssh, so apparently that code was never executed.

services.openssh.enable = true;

Once I had added it, I simplified the regex (the original did not work and I am only doing a sanity check anyway):

type = types.strMatching "^ssh-(ed25519|rsa|dss|ecdsa) AAAA([A-Za-z0-9+=\/@. ]+)$";