summary refs log tree commit diff
path: root/doc
diff options
context:
space:
mode:
authorSaku Laesvuori <saku@laesvuori.fi>2023-04-20 14:30:24 +0300
committerLudovic Courtès <ludo@gnu.org>2023-04-21 17:09:50 +0200
commit9043e23196ba28590ee272fb5f71f30a4ab73385 (patch)
tree29b396ceb716a3b3baf41f88750e31dd431f738a /doc
parentfb17c47efe7a9b8b7a5cf86b357dc89dca2bc7bf (diff)
downloadguix-9043e23196ba28590ee272fb5f71f30a4ab73385.tar.gz
home: services: openssh: Add configuration option for jump proxies
Add a new 'proxy' field to openssh-host to allow ProxyCommand or
ProxyJump, but not both, to be configured. Configuring both would cause
the serialization order to determine which one is used. Deprecate the
'proxy-command' field because the 'proxy' field replaces it.

* gnu/home/services/ssh.scm (proxy-jump->string,
proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
sanitize-proxy-command): New procedure.
(proxy-jump, proxy-command): New record type.
(openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
can't have ProxyCommand and ProxyJump configured at the same time.
* doc/guix.texi (Secure Shell): Update to match the changes to the
service.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi29
1 files changed, 25 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 53035fd5e9..4190f37ad5 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -42630,10 +42630,31 @@ machine.
 @item @code{compression?} (default: @code{#f}) (type: boolean)
 Whether to compress data in transit.
 
-@item @code{proxy-command} (type: maybe-string)
-The command to use to connect to the server.  As an example, a command
-to connect via an HTTP proxy at 192.0.2.0 would be: @code{"nc -X connect
--x 192.0.2.0:8080 %h %p"}.
+@item @code{proxy} (type: maybe-proxy-command-or-jump-list)
+The command to use to connect to the server or a list of SSH hosts to
+jump through before connecting to the server.  The field may be set to either a
+@code{proxy-command} or a list of @code{proxy-jump} records.
+
+As an example, a @code{proxy-command} to connect via an HTTP proxy at 192.0.2.0
+would be constructed with: @code{(proxy-command "nc -X connect -x
+192.0.2.0:8080 %h %p")}.
+
+@deftp {Data Type} proxy-jump
+Available @code{proxy-jump} fields are:
+
+@table @asis
+@item @code{user} (type: maybe-string)
+User name on the remote host.
+
+@item @code{host-name} (type: string)
+Host name---e.g., @code{foo.example.org} or @code{192.168.1.2}.
+
+@item @code{port} (type: maybe-natural-number)
+TCP port number to connect to.
+
+@end table
+
+@end deftp
 
 @item @code{host-key-algorithms} (type: maybe-string-list)
 The list of accepted host key algorithms---e.g.,