1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-16 09:53:17 +00:00
nixpkgs/upstart-jobs/sshd.nix
Eelco Dolstra 828305a5ac * Prevent warnings about protocol version 1 being disabled.
svn path=/nixos/trunk/; revision=11782
2008-05-08 14:29:00 +00:00

70 lines
1.3 KiB
Nix

{ writeText, openssh, glibc, xauth
, nssModulesPath
, forwardX11, allowSFTP, permitRootLogin
}:
assert permitRootLogin == "yes" ||
permitRootLogin == "without-password" ||
permitRootLogin == "forced-commands-only" ||
permitRootLogin == "no";
let
sshdConfig = writeText "sshd_config" ''
Protocol 2
UsePAM yes
${if forwardX11 then "
X11Forwarding yes
XAuthLocation ${xauth}/bin/xauth
" else "
X11Forwarding no
"}
${if allowSFTP then "
Subsystem sftp ${openssh}/libexec/sftp-server
" else "
"}
PermitRootLogin ${permitRootLogin}
'';
sshdUid = (import ../system/ids.nix).uids.sshd;
in
{
name = "sshd";
users = [
{ name = "sshd";
uid = (import ../system/ids.nix).uids.sshd;
description = "SSH privilege separation user";
home = "/var/empty";
}
];
job = ''
description "SSH server"
start on network-interfaces/started
stop on network-interfaces/stop
env LD_LIBRARY_PATH=${nssModulesPath}
start script
mkdir -m 0755 -p /etc/ssh
if ! test -f /etc/ssh/ssh_host_dsa_key; then
${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ""
fi
end script
respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}
'';
}