mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-16 09:53:17 +00:00
828305a5ac
svn path=/nixos/trunk/; revision=11782
70 lines
1.3 KiB
Nix
70 lines
1.3 KiB
Nix
{ writeText, openssh, glibc, xauth
|
|
, nssModulesPath
|
|
, forwardX11, allowSFTP, permitRootLogin
|
|
}:
|
|
|
|
assert permitRootLogin == "yes" ||
|
|
permitRootLogin == "without-password" ||
|
|
permitRootLogin == "forced-commands-only" ||
|
|
permitRootLogin == "no";
|
|
|
|
let
|
|
|
|
sshdConfig = writeText "sshd_config" ''
|
|
|
|
Protocol 2
|
|
|
|
UsePAM yes
|
|
|
|
${if forwardX11 then "
|
|
X11Forwarding yes
|
|
XAuthLocation ${xauth}/bin/xauth
|
|
" else "
|
|
X11Forwarding no
|
|
"}
|
|
|
|
${if allowSFTP then "
|
|
Subsystem sftp ${openssh}/libexec/sftp-server
|
|
" else "
|
|
"}
|
|
|
|
PermitRootLogin ${permitRootLogin}
|
|
|
|
'';
|
|
|
|
sshdUid = (import ../system/ids.nix).uids.sshd;
|
|
|
|
in
|
|
|
|
{
|
|
name = "sshd";
|
|
|
|
users = [
|
|
{ name = "sshd";
|
|
uid = (import ../system/ids.nix).uids.sshd;
|
|
description = "SSH privilege separation user";
|
|
home = "/var/empty";
|
|
}
|
|
];
|
|
|
|
job = ''
|
|
description "SSH server"
|
|
|
|
start on network-interfaces/started
|
|
stop on network-interfaces/stop
|
|
|
|
env LD_LIBRARY_PATH=${nssModulesPath}
|
|
|
|
start script
|
|
mkdir -m 0755 -p /etc/ssh
|
|
|
|
if ! test -f /etc/ssh/ssh_host_dsa_key; then
|
|
${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ""
|
|
fi
|
|
end script
|
|
|
|
respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}
|
|
'';
|
|
|
|
}
|