public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3901 from vlstill/ssh_ip

Browse Source 
Allow binding sshd to specified addresses.
This commit is contained in:
lethalman 2014-09-02 10:38:16 +02:00
commit a3e91bbfa3
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -144,6 +144,36 @@ in
''; '';
}; };
listenAddresses = mkOption {
type = types.listOf types.optionSet;
default = [];
example = [ { addr = "192.168.3.1"; port = 22; } { addr = "0.0.0.0"; port = 64022; } ];
description = ''
List of addresses and ports to listen on (ListenAddress directive
in config). If port is not specified for address sshd will listen
on all ports specified by <literal>ports</literal> option.
NOTE: this will override default listening on all local addresses and port 22.
NOTE: setting this option won't automatically enable given ports
in firewall configuration.
'';
options = {
addr = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Host, IPv4 or IPv6 address to listen to.
'';
};
port = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
Port to listen to.
'';
};
};
};
passwordAuthentication = mkOption { passwordAuthentication = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -349,6 +379,10 @@ in
Port ${toString port} Port ${toString port}
'') cfg.ports} '') cfg.ports}
${concatMapStrings ({ port, addr }: ''
ListenAddress ${addr}${if port != null then ":" + toString port else ""}
'') cfg.listenAddresses}
${optionalString cfgc.setXAuthLocation '' ${optionalString cfgc.setXAuthLocation ''
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
''} ''}
@ -383,6 +417,10 @@ in
assertion = (data.publicKey == null && data.publicKeyFile != null) || assertion = (data.publicKey == null && data.publicKeyFile != null) ||
(data.publicKey != null && data.publicKeyFile == null); (data.publicKey != null && data.publicKeyFile == null);
message = "knownHost ${name} must contain either a publicKey or publicKeyFile"; message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
})
++ flip map cfg.listenAddresses ({ addr, port }: {
assertion = addr != null;
message = "addr must be specified in each listenAddresses entry";
}); });
}; };