author | Thomas Gerbet <thomas@gerbet.me> | 2024-05-27 09:40:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-27 09:40:31 +0200 |
commit | 00015f3ef9cc0f9d46af9f96b6119997758559d9 (patch) | |
tree | 526eb26d0b4db5288ffb84892bc9ce91e126f961 /nixos/modules/services/networking | |
parent | e8e045b1fc47a9bacdd750498b35cb0ef18024bc (diff) | |
parent | ff1c82ee07514b770092a2651d3d5d27f5003cee (diff) |
Merge pull request #309036 from tomfitzhenry/sshd-package
nixos/ssh: add services.openssh.package
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 0fdb708bf052f..d877a80798cd8 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -5,11 +5,11 @@ with lib;
 let
 # The splicing information needed for nativeBuildInputs isn't available
- # on the derivations likely to be used as `cfgc.package`.
+ # on the derivations likely to be used as `cfg.package`.
 # This middle-ground solution ensures *an* sshd can do their basic validation
 # on the configuration.
 validationPackage = if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
- then cfgc.package
+ then cfg.package
 else pkgs.buildPackages.openssh;
 # dont use the "=" operator
@@ -169,6 +169,13 @@ in
 '';
 };
+ package = mkOption {
+ type = types.package;
+ default = config.programs.ssh.package;
+ defaultText = literalExpression "programs.ssh.package";
+ description = "OpenSSH package to use for sshd.";
+ };
+
 startWhenNeeded = mkOption {
 type = types.bool;
 default = false;
@@ -544,8 +551,8 @@ in
 };
 users.groups.sshd = {};
- services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli";
- services.openssh.sftpServerExecutable = mkDefault "${cfgc.package}/libexec/sftp-server";
+ services.openssh.moduliFile = mkDefault "${cfg.package}/etc/ssh/moduli";
+ services.openssh.sftpServerExecutable = mkDefault "${cfg.package}/libexec/sftp-server";
 environment.etc = authKeysFiles // authPrincipalsFiles // {
 "ssh/moduli".source = cfg.moduliFile;
@@ -559,7 +566,7 @@ in
 wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
 after = [ "network.target" ];
 stopIfChanged = false;
- path = [ cfgc.package pkgs.gawk ];
+ path = [ cfg.package pkgs.gawk ];
 environment.LD_LIBRARY_PATH = nssModulesPath;
 restartTriggers = optionals (!cfg.startWhenNeeded) [
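Review bot: On cross builds `validationPackage` in the `@@ -5,11 +5,11 @@` hunk still falls back to `pkgs.buildPackages.openssh`, so the configuration can now be validated by a different OpenSSH than the `cfg.package` that actually runs. If the two differ in version or patch set, an option accepted at build time may be rejected by the deployed sshd, which on a remote host can mean losing SSH access, or the reverse. The existing comment is the place to record this, for example by adding `# NOTE: when cross-compiling, validation does not use cfg.package; settings specific to an overridden package are not checked.` The `let` block continues outside the hunk.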
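Review bot: The description of the new `package` option in the `@@ -169,6 +169,13 @@` hunk says only that it selects the package for sshd, but the later hunks make the same value supply the default `moduliFile`, the default `sftpServerExecutable`, the unit's `path` and the `ExecStart` binary. Once it is overridden, the daemon no longer follows `programs.ssh.package`, so whoever pins it takes on tracking OpenSSH security fixes for that derivation. `types.package` also accepts any derivation, including one that lacks `bin/sshd`, `etc/ssh/moduli` or `libexec/sftp-server`. I would extend the description along the lines of `"OpenSSH package to use for sshd. Also provides the default moduli file and sftp-server; when overridden it no longer follows programs.ssh.package."`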
@@ -593,7 +600,7 @@ in
 serviceConfig = { ExecStart = (optionalString cfg.startWhenNeeded "-") +
- "${cfgc.package}/bin/sshd " + (optionalString cfg.startWhenNeeded "-i ") +
+ "${cfg.package}/bin/sshd " + (optionalString cfg.startWhenNeeded "-i ") +
 "-D " + # don't detach into a daemon process
 "-f /etc/ssh/sshd_config";
 KillMode = "process"; |