* Generate sshd_config to set XAuthLocation if X11 forwarding is

enabled.

svn path=/nixos/trunk/; revision=7548

system/options.nix

@@ -271,7 +271,7 @@
   
   {
     name = ["services" "sshd" "forwardX11"];
-    default = false;
+    default = true;
     description = "
       Whether to enable sshd to forward X11 connections.
     ";

system/upstart.nix

@@ -85,7 +85,9 @@ import ../upstart-jobs/gather.nix {
   # SSH daemon.
   ++ optional ["services" "sshd" "enable"]
     (import ../upstart-jobs/sshd.nix {
-      inherit (pkgs) openssh glibc pwdutils;
+      inherit (pkgs) writeText openssh glibc pwdutils;
+      inherit (pkgs.xorg) xauth;
+      forwardX11 = config.get ["services" "sshd" "forwardX11"];
     })
 
   # NTP daemon.

upstart-jobs/sshd.nix

@@ -1,4 +1,18 @@
-{openssh, glibc, pwdutils}:
+{writeText, openssh, glibc, pwdutils, xauth, forwardX11}:
+
+let
+
+  sshdConfig = writeText "sshd_config" "
+    UsePAM yes
+    ${if forwardX11 then "
+      X11Forwarding yes
+      XAuthLocation ${xauth}/bin/xauth
+    " else "
+      X11Forwarding no
+    "}
+  ";
+
+in
 
 {
   name = "sshd";
@@ -24,7 +38,7 @@ start script
     fi
 end script
 
-respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${./sshd_config}
+respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}
   ";
   
 }

upstart-jobs/sshd_config

@@ -1,2 +0,0 @@
-X11Forwarding yes
-UsePAM yes