Author: eelco
Date: Mon Oct 18 10:31:41 2010
New Revision: 24341
URL: https://svn.nixos.org/websvn/nix/?rev=24341&sc=1

Log:
* Added an option "services.openssh.extraConfig" that allows
  setting arbitrary options in sshd_config, e.g.,

    services.openssh.extraConfig = "PermitTunnel yes";

Modified:
   nixos/trunk/modules/services/networking/ssh/sshd.nix

Modified: nixos/trunk/modules/services/networking/ssh/sshd.nix
==============================================================================
--- nixos/trunk/modules/services/networking/ssh/sshd.nix        Mon Oct 18 
10:18:07 2010        (r24340)
+++ nixos/trunk/modules/services/networking/ssh/sshd.nix        Mon Oct 18 
10:31:41 2010        (r24341)
@@ -8,31 +8,6 @@
 
   nssModulesPath = config.system.nssModules.path;
 
-  sshdConfig = pkgs.writeText "sshd_config"
-    ''
-      Protocol 2
-
-      UsePAM yes
-
-      ${ concatMapStrings (port : ''Port ${toString port}
-                                           '') cfg.ports}
-
-      ${if cfg.forwardX11 then "
-        X11Forwarding yes
-        XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth
-      " else "
-        X11Forwarding no
-      "}
-
-      ${if cfg.allowSFTP then "
-        Subsystem sftp ${pkgs.openssh}/libexec/sftp-server
-      " else "
-      "}
-
-      PermitRootLogin ${cfg.permitRootLogin}
-      GatewayPorts ${cfg.gatewayPorts}
-    '';
-
   permitRootLoginCheck = v:
     v == "yes" ||
     v == "without-password" ||
@@ -102,6 +77,11 @@
         '';
       };
       
+      extraConfig = mkOption {
+        default = "";
+        description = "Verbatim contents of <filename>sshd_config</filename>.";
+      };
+      
     };
 
   };
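Review bot: The description on `extraConfig` calls the option the verbatim contents of sshd_config, but later in this commit the module itself assigns `services.openssh.extraConfig`, so a user's value is merged with generated text rather than being the whole file. The option declares no type or merge behaviour in this hunk, so how the two strings combine is left to whatever the default merge does. I would reword it to `description = "Extra lines added verbatim to the generated <filename>sshd_config</filename>.";` and state whether those lines land before or after the generated settings. The enclosing options set starts outside this hunk.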
@@ -146,10 +126,40 @@
 
         daemonType = "fork";
 
-        exec = "${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_dsa_key -f 
${sshdConfig}";
+        exec = 
+          ''
+            ${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_dsa_key \
+              -f ${pkgs.writeText "sshd_config" cfg.extraConfig}
+          '';
       };
 
     networking.firewall.allowedTCPPorts = cfg.ports;
+
+    services.openssh.extraConfig =
+      ''
+        Protocol 2
+
+        UsePAM yes
+
+        ${concatMapStrings (port: ''
+          Port ${toString port}
+        '') cfg.ports}
+
+        ${if cfg.forwardX11 then ''
+          X11Forwarding yes
+          XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth
+        '' else ''
+          X11Forwarding no
+        ''}
+
+        ${optionalString cfg.allowSFTP ''
+          Subsystem sftp ${pkgs.openssh}/libexec/sftp-server
+        ''}
+
+        PermitRootLogin ${cfg.permitRootLogin}
+        GatewayPorts ${cfg.gatewayPorts}
+      '';
+
   };
 
 }
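Review bot: Nothing in this hunk fixes the relative order of the module's generated block and a user's `extraConfig` text, and for sshd that order decides the effective policy: the first occurrence of a keyword wins, and every line after a `Match` line is scoped to that match. If the user text ends up first, a user-supplied `PermitRootLogin` takes precedence over the value that `permitRootLoginCheck` presumably validates, and a user `Match` block would capture the generated `PermitRootLogin` and `GatewayPorts` lines; if it ends up last, duplicate keywords are silently ignored. I would keep the generated text in a local binding and concatenate explicitly, e.g. `-f ${pkgs.writeText "sshd_config" (baseConfig + cfg.extraConfig)}`, where `baseConfig` is a placeholder name for the generated block. The file is also written without any syntax check, so a typo in `extraConfig` only shows up when sshd fails to start, which on a remote machine can mean losing access. The enclosing config set starts outside the hunk.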