-rw-r--r-- | doc/guix.texi | 13 | ||||
-rw-r--r-- | gnu/services/ssh.scm | 10 |
2 files changed, 23 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index ee7cf1da14..245a18bc70 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -12644,6 +12644,19 @@ This is a symbol specifying the logging level: @code{quiet}, @code{fatal}, @code{error}, @code{info}, @code{verbose}, @code{debug}, etc. See the man page for @file{sshd_config} for the full list of level names. +@item @code{extra-content} (default: @code{""}) +This field can be used to append arbitrary text to the configuration file. It +is especially useful for elaborate configurations that cannot be expressed +otherwise. This configuration, for example, would generally disable root +logins, but permit them from one specific IP address: + +@example +(openssh-configuration + (extra-content "\ +Match Address 192.168.0.1 + PermitRootLogin yes")) +@end example + @end table @end deftp diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index bb94c5f41a..97b7f3c07b 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2016 David Craven <david@craven.ch> ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu> ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> +;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -323,6 +324,12 @@ The other options should be self-descriptive." (log-level openssh-configuration-log-level (default 'info)) + ;; String + ;; This is an "escape hatch" to provide configuration that isn't yet + ;; supported by this configuration record. + (extra-content openssh-configuration-extra-content + (default "")) + ;; list of user-name/file-like tuples (authorized-keys openssh-authorized-keys (default '())) @@ -471,6 +478,9 @@ of user-name/file-like tuples." (match-lambda ((name command) (format port "Subsystem\t~a\t~a\n" name command))) '#$(openssh-configuration-subsystems config)) + + (format port "~a\n" + #$(openssh-configuration-extra-content config)) #t))))) (define (openssh-shepherd-service config) |
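Review bot: The comment on the new `extra-content` field (hunk `@@ -323,6 +324,12 @@`) calls it an escape hatch but does not say that the string is copied into the generated sshd_config with no checking, so anything placed here bypasses what the typed fields guarantee. For a remote-access daemon that matters, because a file sshd rejects may only be noticed when the service fails to start and remote administration is lost. I would extend the comment to something like `;; Appended verbatim and unvalidated to the generated sshd_config; test the resulting file with 'sshd -t'.` Whether the service already runs such a check is not visible here, and the record definition starts and ends outside the hunk.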
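Review bot: The `(format port "~a\n" ...)` call in the last hunk (`@@ -471,6 +478,9 @@`) writes `extra-content` after every generated directive, and nothing records why that position matters. sshd uses the first value it reads for most keywords, so a global option repeated in `extra-content` is silently ignored rather than overriding the generated one, while a `Match` block placed last cannot capture generated lines. A comment above the call would keep a later reordering from changing the effective policy, e.g. `;; Keep extra-content last: sshd honours the first value of a keyword, and a Match block applies to every line after it.` The enclosing procedure starts before the hunk.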