Diffstat (limited to 'nixos/modules/virtualisation/libvirtd.nix')
-rw-r--r-- | nixos/modules/virtualisation/libvirtd.nix | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix
index 226ece8176708..72c2a2ef5551c 100644
--- a/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixos/modules/virtualisation/libvirtd.nix
@@ -332,6 +332,14 @@ in
 libvirt NSS module options.
 '';
 };
+
+ sshProxy = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Weither to configure OpenSSH to use the [SSH Proxy](https://libvirt.org/ssh-proxy.html).
+ '';
+ };
 };
@@ -382,6 +390,10 @@ in
 source = "${cfg.qemu.package}/libexec/qemu-bridge-helper";
 };
+ programs.ssh.extraConfig = mkIf cfg.sshProxy ''
+ Include ${cfg.package}/etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
+ '';
+
 systemd.packages = [ cfg.package ];
 systemd.services.libvirtd-config = {
@@ -533,9 +545,10 @@ in
 };
 system.nssModules = optional (cfg.nss.enable or cfg.nss.enableGuest) cfg.package;
- system.nssDatabases.hosts = builtins.concatLists [
- (optional cfg.nss.enable "libvirt")
- (optional cfg.nss.enableGuest "libvirt_guest")
+ system.nssDatabases.hosts = mkMerge [
+ # ensure that the NSS modules come between mymachines (which is 400) and resolve (which is 501)
+ (mkIf cfg.nss.enable (mkOrder 430 [ "libvirt" ]))
+ (mkIf cfg.nss.enableGuest (mkOrder 432 [ "libvirt_guest" ]))
 ];
 };
 } |
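Review bot: `sshProxy` is declared with `default = true;`, so any host that already enables libvirtd gets its system-wide OpenSSH client configuration changed on upgrade without opting in. Either default it to `false` or call the change out in the release notes. The description should also say what is touched, for example `Whether to include libvirt's SSH proxy configuration in the system-wide OpenSSH client configuration (programs.ssh.extraConfig).`, and "Weither" is a typo for "Whether". The enclosing option set starts outside the hunk.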
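Review bot: The `Include` line added to `programs.ssh.extraConfig` is order-sensitive, because ssh_config treats an `Include` that follows a `Host` or `Match` line as conditional on that block. `extraConfig` is a merged lines option, so if another definition ending in a `Host`/`Match` block is concatenated before this one, the proxy configuration would apply only inside that block, or not at all. Wrapping the value as `mkIf cfg.sshProxy (mkBefore '' … '')` should keep the directive ahead of user-supplied blocks, assuming `mkBefore` is in scope like the other `lib` functions used here. A comment such as `# must precede any Host/Match block, otherwise the Include becomes conditional` would record the reason.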
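Review bot: The comment inside the `mkMerge` list says where the NSS modules land but not why, and the 400 and 501 values are copied from other modules, so a change there would silently defeat the intent. Placing `libvirt` and `libvirt_guest` ahead of `resolve` presumably means names derived from guest domains or their DHCP leases are answered before regular DNS, so a guest whose name collides with a real host would win lookups on this machine. That trade-off is worth stating next to the priorities, for example `# answered before resolve/dns: guest-derived names shadow DNS names on this host`. The enclosing `config` block starts outside the hunk.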