public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Added an option "services.openssh.extraConfig" that allows 

setting arbitrary options in sshd_config, e.g.,

    services.openssh.extraConfig = "PermitTunnel yes";

svn path=/nixos/trunk/; revision=24341
This commit is contained in:
Eelco Dolstra 2010-10-18 10:31:41 +00:00
parent 40df597205
commit 2bb4a618e2
1 changed files with 36 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
modules/services/networking/ssh/sshd.nix
View File

@ -8,31 +8,6 @@ let
nssModulesPath = config.system.nssModules.path;
sshdConfig = pkgs.writeText "sshd_config"
''
Protocol 2
UsePAM yes
${ concatMapStrings (port : ''Port ${toString port}
'') cfg.ports}
${if cfg.forwardX11 then "
X11Forwarding yes
XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth
" else "
X11Forwarding no
"}
${if cfg.allowSFTP then "
Subsystem sftp ${pkgs.openssh}/libexec/sftp-server
" else "
"}
PermitRootLogin ${cfg.permitRootLogin}
GatewayPorts ${cfg.gatewayPorts}
'';
permitRootLoginCheck = v:
v == "yes" ||
v == "without-password" ||
@ -102,6 +77,11 @@ in
'';
};
extraConfig = mkOption {
default = "";
description = "Verbatim contents of <filename>sshd_config</filename>.";
};
};
};
@ -146,10 +126,40 @@ in
daemonType = "fork";
exec = "${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}";
exec =
''
${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_dsa_key \
-f ${pkgs.writeText "sshd_config" cfg.extraConfig}
'';
};
networking.firewall.allowedTCPPorts = cfg.ports;
services.openssh.extraConfig =
''
Protocol 2
UsePAM yes
${concatMapStrings (port: ''
Port ${toString port}
'') cfg.ports}
${if cfg.forwardX11 then ''
X11Forwarding yes
XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth
'' else ''
X11Forwarding no
''}
${optionalString cfg.allowSFTP ''
Subsystem sftp ${pkgs.openssh}/libexec/sftp-server
''}
PermitRootLogin ${cfg.permitRootLogin}
GatewayPorts ${cfg.gatewayPorts}
'';
};
}