* Refactored the sshd module.

svn path=/nixos/branches/modular-nixos/; revision=16377

modules/services/networking/ssh/sshd.nix

@@ -1,60 +1,9 @@
 {pkgs, config, ...}:
 
-###### interface
 let
+
   inherit (pkgs.lib) mkOption mkIf;
-
+  inherit (pkgs) openssh;
-  options = {
-    services = {
-      sshd = {
-
-        enable = mkOption {
-          default = false;
-          description = "
-            Whether to enable the Secure Shell daemon, which allows secure
-            remote logins.
-          ";
-        };
-
-        forwardX11 = mkOption {
-          default = true;
-          description = "
-            Whether to enable sshd to forward X11 connections.
-          ";
-        };
-
-        allowSFTP = mkOption {
-          default = true;
-          description = "
-            Whether to enable the SFTP subsystem in the SSH daemon.  This
-            enables the use of commands such as <command>sftp</command> and
-            <command>sshfs</command>.
-          ";
-        };
-
-        permitRootLogin = mkOption {
-          default = "yes";
-          description = "
-            Whether the root user can login using ssh. Valid options
-            are <command>yes</command>, <command>without-password</command>,
-            <command>forced-commands-only</command> or
-            <command>no</command>
-          ";
-        };
-
-        gatewayPorts = mkOption {
-          default = "no";
-          description = "
-             Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See man sshd_conf.
-            ";
-          };
-      };
-    };
-  };
-
-###### implementation
-
-  inherit (pkgs) writeText openssh;
 
   cfg = (config.services.sshd);
 
@@ -62,8 +11,8 @@ let
 
   nssModulesPath = config.system.nssModules.path;
 
-  sshdConfig = writeText "sshd_config" ''
+  sshdConfig = pkgs.writeText "sshd_config"
-
+    ''
       Protocol 2
 
       UsePAM yes
@@ -82,7 +31,6 @@ let
 
       PermitRootLogin ${cfg.permitRootLogin}
       GatewayPorts ${cfg.gatewayPorts}
-    
     '';
 
   # !!! is this assertion evaluated anywhere???
@@ -93,44 +41,98 @@ let
 
 in
 
+{
 
-mkIf config.services.sshd.enable {
+  ###### interface
-  require = [
-    options
-  ];
   
-  users = {
+  options = {
-    extraUsers = [
+  
+    services.sshd = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the Secure Shell daemon, which allows secure
+          remote logins.
+        '';
+      };
+
+      forwardX11 = mkOption {
+        default = true;
+        description = ''
+          Whether to allow X11 connections to be forwarded.
+        '';
+      };
+
+      allowSFTP = mkOption {
+        default = true;
+        description = ''
+          Whether to enable the SFTP subsystem in the SSH daemon.  This
+          enables the use of commands such as <command>sftp</command> and
+          <command>sshfs</command>.
+        '';
+      };
+
+      permitRootLogin = mkOption {
+        default = "yes";
+        description = ''
+          Whether the root user can login using ssh. Valid values are
+          <literal>yes</literal>, <literal>without-password</literal>,
+          <literal>forced-commands-only</literal> or
+          <literal>no</literal>.
+        '';
+      };
+
+      gatewayPorts = mkOption {
+        default = "no";
+        description = ''
+          Specifies whether remote hosts are allowed to connect to
+          ports forwarded for the client.  See
+          <citerefentry><refentrytitle>sshd_config</refentrytitle>
+          <manvolnum>5</manvolnum></citerefentry>.
+        '';
+      };
+      
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.sshd.enable {
+
+    users.extraUsers = pkgs.lib.singleton
       { name = "sshd";
         uid = config.ids.uids.sshd;
         description = "SSH privilege separation user";
         home = "/var/empty";
-      }
-    ];
       };
 
-  services = {
+    jobs = pkgs.lib.singleton
-    extraJobs = [{
+      { name = "sshd";
-      name = "sshd";
 
-      job = ''
+        description = "OpenSSH server";
-        description "SSH server"
 
-        start on network-interfaces/started
+        startOn = "network-interfaces/started";
-        stop on network-interfaces/stop
+        stopOn = "network-interfaces/stop";
 
-        env LD_LIBRARY_PATH=${nssModulesPath}
+        environment = { LD_LIBRARY_PATH = nssModulesPath; };
 
-        start script
+        preStart =
+          ''
             mkdir -m 0755 -p /etc/ssh
 
             if ! test -f /etc/ssh/ssh_host_dsa_key; then
                 ${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ""
             fi
-        end script
-
-        respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}
           '';
-    }];
+
+        exec = "${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}";
+
+        respawn = true;
       };
+
+  };
+
 }

modules/system/upstart/upstart.nix

@@ -27,6 +27,8 @@ let
           ${if job.exec != "" then ''
             exec ${job.exec}
           '' else ""}
+
+          ${if job.respawn then "respawn" else ""}
         '';
 
     in
@@ -155,6 +157,15 @@ in
           '';
         };
 
+        respawn = mkOption {
+          type = types.bool;
+          default = true;
+          description = ''
+            Whether to restart the job automatically if its process
+            ends unexpectedly.
+          '';
+        };
+
         environment = mkOption {
           type = types.attrs;
           default = {};