Merge pull request #309036 from tomfitzhenry/sshd-package

nixos/ssh: add services.openssh.package
author: Thomas Gerbet <thomas@gerbet.me> 2024-05-27 09:40:31 +0200
committer: GitHub <noreply@github.com> 2024-05-27 09:40:31 +0200
commit: 00015f3ef9cc0f9d46af9f96b6119997758559d9 (patch)
tree: 526eb26d0b4db5288ffb84892bc9ce91e126f961 /nixos/modules/services/networking
parent: e8e045b1fc47a9bacdd750498b35cb0ef18024bc (diff)
parent: ff1c82ee07514b770092a2651d3d5d27f5003cee (diff)
1 files changed, 13 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 0fdb708bf052f..d877a80798cd8 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -5,11 +5,11 @@ with lib;
 let
 
   # The splicing information needed for nativeBuildInputs isn't available
-  # on the derivations likely to be used as `cfgc.package`.
+  # on the derivations likely to be used as `cfg.package`.
   # This middle-ground solution ensures *an* sshd can do their basic validation
   # on the configuration.
   validationPackage = if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
-    then cfgc.package
+    then cfg.package
     else pkgs.buildPackages.openssh;
 
   # dont use the "=" operator
@@ -169,6 +169,13 @@ in
         '';
       };
 
+      package = mkOption {
+        type = types.package;
+        default = config.programs.ssh.package;
+        defaultText = literalExpression "programs.ssh.package";
+        description = "OpenSSH package to use for sshd.";
+      };
+
       startWhenNeeded = mkOption {
         type = types.bool;
         default = false;
@@ -544,8 +551,8 @@ in
       };
     users.groups.sshd = {};
 
-    services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli";
-    services.openssh.sftpServerExecutable = mkDefault "${cfgc.package}/libexec/sftp-server";
+    services.openssh.moduliFile = mkDefault "${cfg.package}/etc/ssh/moduli";
+    services.openssh.sftpServerExecutable = mkDefault "${cfg.package}/libexec/sftp-server";
 
     environment.etc = authKeysFiles // authPrincipalsFiles //
       { "ssh/moduli".source = cfg.moduliFile;
@@ -559,7 +566,7 @@ in
             wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
             after = [ "network.target" ];
             stopIfChanged = false;
-            path = [ cfgc.package pkgs.gawk ];
+            path = [ cfg.package pkgs.gawk ];
             environment.LD_LIBRARY_PATH = nssModulesPath;
 
             restartTriggers = optionals (!cfg.startWhenNeeded) [
@@ -593,7 +600,7 @@ in
             serviceConfig =
               { ExecStart =
                   (optionalString cfg.startWhenNeeded "-") +
-                  "${cfgc.package}/bin/sshd " + (optionalString cfg.startWhenNeeded "-i ") +
+                  "${cfg.package}/bin/sshd " + (optionalString cfg.startWhenNeeded "-i ") +
                   "-D " +  # don't detach into a daemon process
                   "-f /etc/ssh/sshd_config";
                 KillMode = "process";
author	Thomas Gerbet <thomas@gerbet.me>	2024-05-27 09:40:31 +0200
committer	GitHub <noreply@github.com>	2024-05-27 09:40:31 +0200
commit	00015f3ef9cc0f9d46af9f96b6119997758559d9 (patch)
tree	526eb26d0b4db5288ffb84892bc9ce91e126f961 /nixos/modules/services/networking
parent	e8e045b1fc47a9bacdd750498b35cb0ef18024bc (diff)
parent	ff1c82ee07514b770092a2651d3d5d27f5003cee (diff)