types.singleLineStr: strings that don't contain '\n'

Add a new type, inheriting 'types.str' but checking whether the value
doesn't contain any newline characters.

The motivation comes from a problem with the
'users.users.${u}.openssh.authorizedKeys' option.
It is easy to unintentionally insert a newline character at the end of a
string, or even in the middle, for example:

    restricted_ssh_keys = command: keys:
      let
        prefix = ''
          command="${command}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding
        '';
      in map (key: "${prefix} ${key}") keys;

The 'prefix' string ends with a newline, which ends up in the middle of
a key entry after a few manipulations.

This is problematic because the key file is built by concatenating all
the keys with 'concatStringsSep "\n"', with result in two entries for
the faulty key:

    ''
      command="...",options...
      MY_KEY
    ''

This is hard to debug and might be dangerous. This is now caught at
build time.

1 files changed, 7 insertions, 0 deletions

diff --git a/lib/types.nix b/lib/types.nix
index 244cbb6b5354..0e702fb2f2ed 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -300,6 +300,13 @@ rec {
       inherit (str) merge;
     };
 
+    singleLineStr = mkOptionType {
+      name = "singleLineStr";
+      description = "string that doesn't contain '\\n'";
+      check = x: str.check x && !(lib.hasInfix "\n" x);
+      inherit (str) merge;
+    };
+
     strMatching = pattern: mkOptionType {
       name = "strMatching ${escapeNixString pattern}";
       description = "string matching the pattern ${pattern}";