Author: mkwik
Date: Sun Mar 25 15:42:05 2012
New Revision: 33407
URL: https://nixos.org/websvn/nix/?rev=33407&sc=1
Log:
Split the ssh/sshd X11 forwarding logic. Backward compatible change.
You can now set the forwardX11 config option for the ssh client and server
separately.
For server, the option means "allow clients to request X11 forwarding".
For client, the option means "request X11 forwarding by default on all
connections".
I don't think it made sense to couple them. I might not even run the server on
some machines.
Also, I ssh to a lot of machines, and rarely want X11 forwarding. The times I
want it,
I use the -X/-Y option, or set it in my ~/.ssh/config.
I also decoupled the 'XAuthLocation' logic from forwardX11.
For my case where ssh client doesn't want forwarding by default, it still wants
to set the path for the cases I do need it.
As this flag is the one that pulls in X11 dependencies, I changed the minimal
profile and the no-x-libs config to check that instead now.
Modified:
nixos/trunk/modules/config/no-x-libs.nix
nixos/trunk/modules/profiles/minimal.nix
nixos/trunk/modules/programs/ssh.nix
nixos/trunk/modules/services/networking/ssh/sshd.nix
Modified: nixos/trunk/modules/config/no-x-libs.nix
==============================================================================
--- nixos/trunk/modules/config/no-x-libs.nix Sun Mar 25 13:59:17 2012
(r33406)
+++ nixos/trunk/modules/config/no-x-libs.nix Sun Mar 25 15:42:05 2012
(r33407)
@@ -7,16 +7,14 @@
example = true;
description = ''
Switch off the options in the default configuration that require X
libraries.
- Currently this includes: openssh.forwardX11, dbus, hal,
fonts.enableCoreFonts,
+ Currently this includes: ssh X11 forwarding, dbus, hal,
fonts.enableCoreFonts,
fonts.enableFontConfig
'';
};
};
config = pkgs.lib.mkIf config.environment.noXlibs {
+ programs.ssh.setXAuthLocation = false;
services = {
- openssh = {
- forwardX11 = false;
- };
dbus.enable = false;
hal.enable = false;
};
Modified: nixos/trunk/modules/profiles/minimal.nix
==============================================================================
--- nixos/trunk/modules/profiles/minimal.nix Sun Mar 25 13:59:17 2012
(r33406)
+++ nixos/trunk/modules/profiles/minimal.nix Sun Mar 25 15:42:05 2012
(r33407)
@@ -5,7 +5,7 @@
{
# Don't include X libraries.
- services.openssh.forwardX11 = false;
+ programs.ssh.setXAuthLocation = false;
fonts.enableFontConfig = false;
fonts.enableCoreFonts = false;
}
Modified: nixos/trunk/modules/programs/ssh.nix
==============================================================================
--- nixos/trunk/modules/programs/ssh.nix Sun Mar 25 13:59:17 2012
(r33406)
+++ nixos/trunk/modules/programs/ssh.nix Sun Mar 25 15:42:05 2012
(r33407)
@@ -2,19 +2,57 @@
{config, pkgs, ...}:
+with pkgs.lib;
+
+let cfg = config.programs.ssh;
+ cfgd = config.services.openssh;
+
+in
{
- environment.etc =
- [ { # SSH configuration. Slight duplication of the sshd_config
- # generation in the sshd service.
- source = pkgs.writeText "ssh_config" ''
- ${if config.services.openssh.forwardX11 then ''
- ForwardX11 yes
- XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
- '' else ''
- ForwardX11 no
- ''}
+ ###### interface
+
+ options = {
+
+ programs.ssh = {
+
+ forwardX11 = mkOption {
+ default = cfgd.forwardX11;
+ description = ''
+ Whether to request X11 forwarding on outgoing connections by default.
+ This is useful for running graphical programs on the remote machine
and have them display to your local X11 server.
+ Historically, this value has depended on the value used by the local
sshd daemon, but there really isn't a relation between the two.
'';
- target = "ssh/ssh_config";
- }
- ];
+ };
+
+ setXAuthLocation = mkOption {
+ default = true;
+ description = ''
+ Whether to set the path to xauth for X11-forwarded connections.
+ Pulls in X11 dependency.
+ '';
+ };
+ };
+ };
+
+ assertions = [{ assertion = if cfg.forwardX11 then cfg.setXAuthLocation else
true;
+ msg = "cannot enable X11 forwarding without setting xauth
location";}];
+
+ config = {
+ environment.etc =
+ [ { # SSH configuration. Slight duplication of the sshd_config
+ # generation in the sshd service.
+ source = pkgs.writeText "ssh_config" ''
+ ${optionalString cfg.setXAuthLocation ''
+ XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+ ''}
+ ${if cfg.forwardX11 then ''
+ ForwardX11 yes
+ '' else ''
+ ForwardX11 no
+ ''}
+ '';
+ target = "ssh/ssh_config";
+ }
+ ];
+ };
}
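Review bot: The `assertions` attribute here sits at the top level of the module, between `options` and `config`, so as far as I can tell it is not merged into the configuration and the client-side check never runs. In sshd.nix the same assertion appears to be placed inside `config`. Moving it into the `config = { … }` block that follows would make it effective. It can also be written with the implication operator, `assertion = cfg.forwardX11 -> cfg.setXAuthLocation;`.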
Modified: nixos/trunk/modules/services/networking/ssh/sshd.nix
==============================================================================
--- nixos/trunk/modules/services/networking/ssh/sshd.nix Sun Mar 25
13:59:17 2012 (r33406)
+++ nixos/trunk/modules/services/networking/ssh/sshd.nix Sun Mar 25
15:42:05 2012 (r33407)
@@ -4,7 +4,8 @@
let
- cfg = config.services.openssh;
+ cfg = config.services.openssh;
+ cfgc = config.programs.ssh;
nssModulesPath = config.system.nssModules.path;
@@ -140,7 +141,7 @@
};
forwardX11 = mkOption {
- default = true;
+ default = cfgc.setXAuthLocation;
description = ''
Whether to allow X11 connections to be forwarded.
'';
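Review bot: The default for `services.openssh.forwardX11` now follows `programs.ssh.setXAuthLocation`, which defaults to true, and `programs.ssh.forwardX11` in ssh.nix defaults to this option, so a stock configuration still ends up with `X11Forwarding yes` on the server and `ForwardX11 yes` for every outgoing client connection. Upstream OpenSSH defaults both to no, and ssh_config(5) warns that a forwarded display can be reached by anyone on the remote host who can bypass file permissions on the user's X authorization database. Since the defaults are kept for backward compatibility, the description should say so, e.g. `Whether to allow X11 connections to be forwarded. Defaults to programs.ssh.setXAuthLocation; set to false on hosts that do not need it.` The `mkOption` block continues past the end of the hunk.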
@@ -281,9 +282,12 @@
Port ${toString port}
'') cfg.ports}
+ ${optionalString cfgc.setXAuthLocation ''
+ XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+ ''}
+
${if cfg.forwardX11 then ''
X11Forwarding yes
- XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth
'' else ''
X11Forwarding no
''}
@@ -297,6 +301,8 @@
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else
"no"}
'';
+ assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation
else true;
+ msg = "cannot enable X11 forwarding without setting xauth
location";}];
};
}
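Review bot: The assertion message does not name the options involved, and since this server-side check reads an option of the client module, someone who only set `services.openssh.forwardX11 = true` together with `environment.noXlibs` or the minimal profile gets no hint about what to change. I would write `msg = "services.openssh.forwardX11 requires programs.ssh.setXAuthLocation = true";` and use the same pattern for the identical message in ssh.nix. The enclosing `config` block starts outside the hunk.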