Convert "sshd" daemon

Should the client config in etc/default.nix be moved as wel?

svn path=/nixos/branches/fix-style/; revision=14370

system/options.nix

@@ -480,50 +480,6 @@ in
     };
 
 
-    sshd = {
-
-      enable = mkOption {
-        default = false;
-        description = "
-          Whether to enable the Secure Shell daemon, which allows secure
-          remote logins.
-        ";
-      };
-
-      forwardX11 = mkOption {
-        default = true;
-        description = "
-          Whether to enable sshd to forward X11 connections.
-        ";
-      };
-
-      allowSFTP = mkOption {
-        default = true;
-        description = "
-          Whether to enable the SFTP subsystem in the SSH daemon.  This
-          enables the use of commands such as <command>sftp</command> and
-          <command>sshfs</command>.
-        ";
-      };
-
-      permitRootLogin = mkOption {
-        default = "yes";
-        description = "
-          Whether the root user can login using ssh. Valid options
-          are <command>yes</command>, <command>without-password</command>,
-          <command>forced-commands-only</command> or
-          <command>no</command>
-        ";
-      };
-
-      gatewayPorts = mkOption {
-        default = "no";
-        description = "
-           Specifies  whether  remote hosts are allowed to connect to ports forwarded for the client. See man sshd_conf.
-          ";
-        };
-    };
-
     lshd = {
 
       enable = mkOption {
@@ -1699,6 +1655,7 @@ in
     (import ../upstart-jobs/gw6c.nix) # Gateway6
     (import ../upstart-jobs/syslogd.nix)
     (import ../upstart-jobs/dhcpd.nix)
+    (import ../upstart-jobs/sshd.nix)
 
     # nix
     (import ../upstart-jobs/nix.nix) # nix options and daemon

upstart-jobs/default.nix

@@ -141,15 +141,6 @@ let
       inherit config;
     })
 
-  # SSH daemon.
-  ++ optional config.services.sshd.enable
-    (import ../upstart-jobs/sshd.nix {
-      inherit (pkgs) writeText openssh glibc;
-      inherit (pkgs.xorg) xauth;
-      inherit nssModulesPath;
-      inherit (config.services.sshd) forwardX11 allowSFTP permitRootLogin gatewayPorts;
-    })
-
   # GNU lshd SSH2 deamon.
   ++ optional config.services.lshd.enable
     (import ../upstart-jobs/lshd.nix {

upstart-jobs/sshd.nix

@@ -1,14 +1,66 @@
-{ writeText, openssh, glibc, xauth
+{pkgs, config, ...}:
-, nssModulesPath
-, forwardX11, allowSFTP, permitRootLogin, gatewayPorts
-}:
-
-assert permitRootLogin == "yes" ||
-       permitRootLogin == "without-password" ||
-       permitRootLogin == "forced-commands-only" ||
-       permitRootLogin == "no";
 
+###### interface
 let
+  inherit (pkgs.lib) mkOption mkIf;
+
+  options = {
+    services = {
+      sshd = {
+
+        enable = mkOption {
+          default = false;
+          description = "
+            Whether to enable the Secure Shell daemon, which allows secure
+            remote logins.
+          ";
+        };
+
+        forwardX11 = mkOption {
+          default = true;
+          description = "
+            Whether to enable sshd to forward X11 connections.
+          ";
+        };
+
+        allowSFTP = mkOption {
+          default = true;
+          description = "
+            Whether to enable the SFTP subsystem in the SSH daemon.  This
+            enables the use of commands such as <command>sftp</command> and
+            <command>sshfs</command>.
+          ";
+        };
+
+        permitRootLogin = mkOption {
+          default = "yes";
+          description = "
+            Whether the root user can login using ssh. Valid options
+            are <command>yes</command>, <command>without-password</command>,
+            <command>forced-commands-only</command> or
+            <command>no</command>
+          ";
+        };
+
+        gatewayPorts = mkOption {
+          default = "no";
+          description = "
+             Specifies  whether  remote hosts are allowed to connect to ports forwarded for the client. See man sshd_conf.
+            ";
+          };
+      };
+    };
+  };
+
+###### implementation
+
+  inherit (pkgs) writeText openssh;
+
+  cfg = (config.services.sshd);
+
+  nssModules = config.system.nssModules.list;
+
+  nssModulesPath = config.system.nssModules.path;
 
   sshdConfig = writeText "sshd_config" ''
 
@@ -16,28 +68,40 @@ let
     
     UsePAM yes
     
-    ${if forwardX11 then "
+    ${if cfg.forwardX11 then "
       X11Forwarding yes
-      XAuthLocation ${xauth}/bin/xauth
+      XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth
     " else "
       X11Forwarding no
     "}
 
-    ${if allowSFTP then "
+    ${if cfg.allowSFTP then "
       Subsystem sftp ${openssh}/libexec/sftp-server
     " else "
     "}
     
-    PermitRootLogin ${permitRootLogin}
+    PermitRootLogin ${cfg.permitRootLogin}
-    GatewayPorts ${gatewayPorts}
+    GatewayPorts ${cfg.gatewayPorts}
     
   '';
 
   sshdUid = (import ../system/ids.nix).uids.sshd;
 
+  assertion = cfg.permitRootLogin == "yes" ||
+       cfg.permitRootLogin == "without-password" ||
+       cfg.permitRootLogin == "forced-commands-only" ||
+       cfg.permitRootLogin == "no";
+
 in
 
-{
+
+mkIf config.services.sshd.enable {
+  require = [
+    options
+  ];
+
+  services = {
+    extraJobs = [{
       name = "sshd";
 
       users = [
@@ -66,5 +130,6 @@ in
 
         respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}
       '';
-  
+    }];
+  };
 }