authorDavid Craven <david@craven.ch>2016-07-13 18:13:12 +0200
committerLudovic Courtès <ludo@gnu.org>2016-07-15 17:57:28 +0200
commit71b0601a97da9f12f76de0480c341e06acf8f2bc (patch)
tree88e3a83884eb0d0ed1afae58c298512c89971b00
parent2102ae2e30a23b3202f4eeabdc8f37eeb16de691 (diff)
services: Add 'dropbear-service'.
* gnu/services/ssh.scm (<dropbear-configuration>): New record type.
(dropbear-activation, dropbear-shepherd-service, dropbear-service): New
procedures.
(dropbear-service-type): New variable.
* doc/guix.texi (Networking Services): Document it.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--doc/guix.texi43
-rw-r--r--gnu/services/ssh.scm97
2 files changed, 134 insertions, 6 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 4b55473c93..a2732deded 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7754,7 +7754,7 @@ In addition, @var{extra-settings} specifies a string to append to the
 configuration file.
 @end deffn
 
-Furthermore, @code{(gnu services ssh)} provides the following service.
+Furthermore, @code{(gnu services ssh)} provides the following services.
 
 @deffn {Scheme Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
        [#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @
@@ -7792,6 +7792,47 @@ root.
 The other options should be self-descriptive.
 @end deffn
 
+@deffn {Scheme Procedure} dropbear-service [@var{config}]
+Run the @uref{https://matt.ucc.asn.au/dropbear/dropbear.html,Dropbear SSH
+daemon} with the given @var{config}, a @code{<dropbear-configuration>}
+object.
+
+For example, to specify a Dropbear service listening on port 1234, add
+this call to the operating system's @code{services} field:
+
+@example
+(dropbear-service (dropbear-configuration
+                    (port-number 1234)))
+@end example
+@end deffn
+
+@deftp {Data Type} dropbear-configuration
+This data type represents the configuration of a Dropbear SSH daemon.
+
+@table @asis
+@item @code{dropbear} (default: @var{dropbear})
+The Dropbear package to use.
+
+@item @code{port-number} (default: 22)
+The TCP port where the daemon waits for incoming connections.
+
+@item @code{syslog-output?} (default: @code{#t})
+Whether to enable syslog output.
+
+@item @code{pid-file} (default: @code{"/var/run/dropbear.pid"})
+File name of the daemon's PID file.
+
+@item @code{root-login?} (default: @code{#f})
+Whether to allow @code{root} logins.
+
+@item @code{allow-empty-passwords?} (default: @code{#f})
+Whether to allow empty passwords.
+
+@item @code{password-authentication?} (default: @code{#t})
+Whether to enable password-based authentication.
+@end table
+@end deftp
+
 @defvr {Scheme Variable} %facebook-host-aliases
 This variable contains a string for use in @file{/etc/hosts}
 (@pxref{Host Names,,, libc, The GNU C Library Reference Manual}).  Each
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 1eb9382a84..743b5e3805 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -17,14 +18,19 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu services ssh)
-  #:use-module (guix gexp)
-  #:use-module (guix records)
+  #:use-module (gnu packages ssh)
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
-  #:use-module (gnu packages ssh)
+  #:use-module (guix gexp)
+  #:use-module (guix records)
   #:use-module (srfi srfi-26)
-  #:export (lsh-service))
+  #:export (lsh-service
+
+            dropbear-configuration
+            dropbear-configuration?
+            dropbear-service-type
+            dropbear-service))
 
 ;;; Commentary:
 ;;;
@@ -235,4 +241,85 @@ The other options should be self-descriptive."
                                public-key-authentication?)
                               (initialize? initialize?))))
 
+
+;;;
+;;; Dropbear.
+;;;
+
+(define-record-type* <dropbear-configuration>
+  dropbear-configuration make-dropbear-configuration
+  dropbear-configuration?
+  (dropbear               dropbear-configuration-dropbear
+                          (default dropbear))
+  (port-number            dropbear-configuration-port-number
+                          (default 22))
+  (syslog-output?         dropbear-configuration-syslog-output?
+                          (default #t))
+  (pid-file               dropbear-configuration-pid-file
+                          (default "/var/run/dropbear.pid"))
+  (root-login?            dropbear-configuration-root-login?
+                          (default #f))
+  (allow-empty-passwords? dropbear-configuration-allow-empty-passwords?
+                          (default #f))
+  (password-authentication? dropbear-configuration-password-authentication?
+                            (default #t)))
+
+(define (dropbear-activation config)
+  "Return the activation gexp for CONFIG."
+  #~(begin
+      (mkdir-p "/etc/dropbear")))
+
+(define (dropbear-shepherd-service config)
+  "Return a <shepherd-service> for dropbear with CONFIG."
+  (define dropbear
+    (dropbear-configuration-dropbear config))
+
+  (define pid-file
+    (dropbear-configuration-pid-file config))
+
+  (define dropbear-command
+    #~(list (string-append #$dropbear "/sbin/dropbear")
+
+            ;; '-R' allows host keys to be automatically generated upon first
+            ;; connection, at a time when /dev/urandom is more likely securely
+            ;; seeded.
+            "-F" "-R"
+
+            "-p" #$(number->string (dropbear-configuration-port-number config))
+            "-P" #$pid-file
+            #$@(if (dropbear-configuration-syslog-output? config) '() '("-E"))
+            #$@(if (dropbear-configuration-root-login? config) '() '("-w"))
+            #$@(if (dropbear-configuration-password-authentication? config)
+                   '()
+                   '("-s" "-g"))
+            #$@(if (dropbear-configuration-allow-empty-passwords? config)
+                   '("-B")
+                   '())))
+
+  (define requires
+    (if (dropbear-configuration-syslog-output? config)
+        '(networking syslogd) '(networking)))
+
+  (list (shepherd-service
+         (documentation "Dropbear SSH server.")
+         (requirement requires)
+         (provision '(ssh-daemon))
+         (start #~(make-forkexec-constructor #$dropbear-command
+                                             #:pid-file #$pid-file))
+         (stop #~(make-kill-destructor)))))
+
+(define dropbear-service-type
+  (service-type (name 'dropbear)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          dropbear-shepherd-service)
+                       (service-extension activation-service-type
+                                          dropbear-activation)))))
+
+(define* (dropbear-service #:optional (config (dropbear-configuration)))
+  "Run the @uref{https://matt.ucc.asn.au/dropbear/dropbear.html,Dropbear SSH
+daemon} with the given @var{config}, a @code{<dropbear-configuration>}
+object."
+  (service dropbear-service-type config))
+
 ;;; ssh.scm ends here
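Review bot: In dropbear-shepherd-service, `-B` is emitted from `allow-empty-passwords?` independently of `password-authentication?`, so a configuration that disables password logins (`-s -g`) can still pass `-B`; whether Dropbear ignores it in that combination is not visible here, but guarding it as `#$@(if (and (dropbear-configuration-password-authentication? config) (dropbear-configuration-allow-empty-passwords? config)) '("-B") '())` keeps the command line consistent with the two fields. The flag mapping also deserves a comment next to the `-p` line, since the record fields are phrased positively while the flags are mostly negations: `;; -w: disallow root logins; -s: disable password logins; -g: disable root password logins; -B: allow blank passwords; -E: log to stderr instead of syslog`. The `-F` next to the commented `-R` is unexplained; `;; '-F' keeps dropbear in the foreground so make-forkexec-constructor can supervise it` would make the pairing clear. The activation gexp creates /etc/dropbear with mkdir-p and no explicit mode even though `-R` will place the host keys there; if Dropbear does not itself restrict the key files' permissions, a `(chmod "/etc/dropbear" #o700)` after the mkdir-p would be worth adding — confirm against Dropbear's key-writing behaviour.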