public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #7941 from peti/allow-custom-ssh-moduli-file

Browse Source 
nixos: add config.services.openssh.moduliFile option so that users can replace the default file from OpenSSH
This commit is contained in:
Peter Simons 2015-05-22 20:51:42 +02:00
commit 50fa9d8eea
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -268,6 +268,16 @@ in
}; };
}; };
moduliFile = mkOption {
example = "services.openssh.moduliFile = /etc/my-local-ssh-moduli;";
type = types.path;
description = ''
Path to <literal>moduli</literal> file to install in
<literal>/etc/ssh/moduli</literal>. If this option is unset, then
the <literal>moduli</literal> file shipped with OpenSSH will be used.
'';
};
}; };
users.extraUsers = mkOption { users.extraUsers = mkOption {
@ -286,8 +296,10 @@ in
description = "SSH privilege separation user"; description = "SSH privilege separation user";
}; };
services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli";
environment.etc = authKeysFiles ++ [ environment.etc = authKeysFiles ++ [
{ source = "${cfgc.package}/etc/ssh/moduli"; { source = cfg.moduliFile;
target = "ssh/moduli"; target = "ssh/moduli";
} }
{ text = knownHostsText; { text = knownHostsText;