From 57d91c535bc6012545d171fdb69867a54e65a095 Mon Sep 17 00:00:00 2001
From: r-vdp <ramses@well-founded.dev>
Date: Sat, 10 May 2025 20:49:57 +0200
Subject: [PATCH] nixos/ssh: add the systemd-ssh-proxy include directive to the
 Host * block

Otherwise, then any Host or Match block in the extraConfig will absorb the include
---
 nixos/modules/programs/ssh.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 0faf14fd4c29..27a56034d86c 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -341,13 +341,13 @@ in
       # Custom options from `extraConfig`, to override generated options
       ${cfg.extraConfig}
 
+      # Generated options from other settings
+      Host *
       ${lib.optionalString cfg.systemd-ssh-proxy.enable ''
         # See systemd-ssh-proxy(1)
         Include ${config.systemd.package}/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf
       ''}
 
-      # Generated options from other settings
-      Host *
       GlobalKnownHostsFile ${builtins.concatStringsSep " " knownHostsFiles}
 
       ${lib.optionalString (!config.networking.enableIPv6) "AddressFamily inet"}