Catching invalid config options with types.strMatching

exolab · August 11, 2023, 1:05pm

I want to make sure an ssh-key passed to a module is in a valid format. The following seems to have no effect.

publicKey = mkOption {
      type = types.strMatching "^ssh-(ed25519|rsa|dss|ecdsa) AAAA(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})( [^@]+@[^@]+)?$";
      default = "";
      description = ''
        Define the public SSH key for the main user of
        the machine. 
      '';
    };

My naive expectation would be that this should result in an error, as the string starts with an x.

user = {
    ...
    publicKey = "xssh-ed25519 loremipsumdolorsitamet";
  };

What am I missing?

Please bear with me, I am new to this

Cheers
Toby

exolab · August 12, 2023, 8:59am

Answering my own question: I hadn’t actually installed openssh, so apparently that code was never executed.

services.openssh.enable = true;

Once I had added it, I simplified the regex (the original did not work and I am only doing a sanity check anyway):

type = types.strMatching "^ssh-(ed25519|rsa|dss|ecdsa) AAAA([A-Za-z0-9+=\/@. ]+)$";