summary refs log tree commit diff
path: root/gnu/services
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/base.scm2
-rw-r--r--gnu/services/ssh.scm110
2 files changed, 68 insertions, 44 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index dad1911d31..77efef15eb 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -31,6 +31,8 @@
   #:use-module (gnu system shadow)                ; 'user-account', etc.
   #:use-module (gnu system file-systems)          ; 'file-system', etc.
   #:use-module (gnu system mapped-devices)
+  #:use-module ((gnu system linux-initrd)
+                #:select (file-system-packages))
   #:use-module (gnu packages admin)
   #:use-module ((gnu packages linux)
                 #:select (alsa-utils crda eudev e2fsprogs fuse gpm kbd lvm2 rng-tools))
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d8a3ad35ad..b7f9887b30 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -260,28 +260,42 @@ The other options should be self-descriptive."
 (define-record-type* <openssh-configuration>
   openssh-configuration make-openssh-configuration
   openssh-configuration?
-  (openssh               openssh-configuration-openssh ;package
+  ;; <package>
+  (openssh               openssh-configuration-openssh
                          (default openssh))
+  ;; string
   (pid-file              openssh-configuration-pid-file
                          (default "/var/run/sshd.pid"))
-  (port-number           openssh-configuration-port-number ;integer
+  ;; integer
+  (port-number           openssh-configuration-port-number
                          (default 22))
-  (permit-root-login     openssh-configuration-permit-root-login ;Boolean | 'without-password
+  ;; Boolean | 'without-password
+  (permit-root-login     openssh-configuration-permit-root-login
                          (default #f))
-  (allow-empty-passwords? openssh-configuration-allow-empty-passwords? ;Boolean
+  ;; Boolean
+  (allow-empty-passwords? openssh-configuration-allow-empty-passwords?
                           (default #f))
-  (password-authentication? openssh-configuration-password-authentication? ;Boolean
+  ;; Boolean
+  (password-authentication? openssh-configuration-password-authentication?
                             (default #t))
+  ;; Boolean
   (public-key-authentication? openssh-configuration-public-key-authentication?
-                              (default #t))                         ;Boolean
-  (x11-forwarding?       openssh-configuration-x11-forwarding? ;Boolean
+                              (default #t))
+  ;; Boolean
+  (x11-forwarding?       openssh-configuration-x11-forwarding?
                          (default #f))
+  ;; Boolean
   (challenge-response-authentication? openssh-challenge-response-authentication?
-                                      (default #f)) ;Boolean
+                                      (default #f))
+  ;; Boolean
   (use-pam?              openssh-configuration-use-pam?
-                         (default #t)) ;Boolean
+                         (default #t))
+  ;; Boolean
   (print-last-log?       openssh-configuration-print-last-log?
-                         (default #t))) ;Boolean
+                         (default #t))
+  ;; list of two-element lists
+  (subsystems            openssh-configuration-subsystems
+                         (default '(("sftp" "internal-sftp")))))
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -316,40 +330,48 @@ The other options should be self-descriptive."
   "Return the sshd configuration file corresponding to CONFIG."
   (computed-file
    "sshd_config"
-   #~(call-with-output-file #$output
-       (lambda (port)
-         (display "# Generated by 'openssh-service'.\n" port)
-         (format port "Port ~a\n"
-                 #$(number->string (openssh-configuration-port-number config)))
-         (format port "PermitRootLogin ~a\n"
-                 #$(match (openssh-configuration-permit-root-login config)
-                     (#t "yes")
-                     (#f "no")
-                     ('without-password "without-password")))
-         (format port "PermitEmptyPasswords ~a\n"
-                 #$(if (openssh-configuration-allow-empty-passwords? config)
-                       "yes" "no"))
-         (format port "PasswordAuthentication ~a\n"
-                 #$(if (openssh-configuration-password-authentication? config)
-                       "yes" "no"))
-         (format port "PubkeyAuthentication ~a\n"
-                 #$(if (openssh-configuration-public-key-authentication? config)
-                       "yes" "no"))
-         (format port "X11Forwarding ~a\n"
-                 #$(if (openssh-configuration-x11-forwarding? config)
-                       "yes" "no"))
-         (format port "PidFile ~a\n"
-                 #$(openssh-configuration-pid-file config))
-         (format port "ChallengeResponseAuthentication ~a\n"
-                 #$(if (openssh-challenge-response-authentication? config)
-                       "yes" "no"))
-         (format port "UsePAM ~a\n"
-                 #$(if (openssh-configuration-use-pam? config)
-                       "yes" "no"))
-         (format port "PrintLastLog ~a\n"
-                 #$(if (openssh-configuration-print-last-log? config)
-                       "yes" "no"))
-         #t))))
+   #~(begin
+       (use-modules (ice-9 match))
+       (call-with-output-file #$output
+         (lambda (port)
+           (display "# Generated by 'openssh-service'.\n" port)
+           (format port "Port ~a\n"
+                   #$(number->string
+                      (openssh-configuration-port-number config)))
+           (format port "PermitRootLogin ~a\n"
+                   #$(match (openssh-configuration-permit-root-login config)
+                       (#t "yes")
+                       (#f "no")
+                       ('without-password "without-password")))
+           (format port "PermitEmptyPasswords ~a\n"
+                   #$(if (openssh-configuration-allow-empty-passwords? config)
+                         "yes" "no"))
+           (format port "PasswordAuthentication ~a\n"
+                   #$(if (openssh-configuration-password-authentication? config)
+                         "yes" "no"))
+           (format port "PubkeyAuthentication ~a\n"
+                   #$(if (openssh-configuration-public-key-authentication?
+                          config)
+                         "yes" "no"))
+           (format port "X11Forwarding ~a\n"
+                   #$(if (openssh-configuration-x11-forwarding? config)
+                         "yes" "no"))
+           (format port "PidFile ~a\n"
+                   #$(openssh-configuration-pid-file config))
+           (format port "ChallengeResponseAuthentication ~a\n"
+                   #$(if (openssh-challenge-response-authentication? config)
+                         "yes" "no"))
+           (format port "UsePAM ~a\n"
+                   #$(if (openssh-configuration-use-pam? config)
+                         "yes" "no"))
+           (format port "PrintLastLog ~a\n"
+                   #$(if (openssh-configuration-print-last-log? config)
+                         "yes" "no"))
+           (for-each
+            (match-lambda
+              ((name command) (format port "Subsystem\t~a\t~a\n" name command)))
+            '#$(openssh-configuration-subsystems config))
+           #t)))))
 
 (define (openssh-shepherd-service config)
   "Return a <shepherd-service> for openssh with CONFIG."