Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/base.scm | 2 | ||||
-rw-r--r-- | gnu/services/ssh.scm | 110 |
2 files changed, 68 insertions, 44 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index dad1911d31..77efef15eb 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -31,6 +31,8 @@
 #:use-module (gnu system shadow) ; 'user-account', etc.
 #:use-module (gnu system file-systems) ; 'file-system', etc.
 #:use-module (gnu system mapped-devices)
+ #:use-module ((gnu system linux-initrd)
+ #:select (file-system-packages))
 #:use-module (gnu packages admin)
 #:use-module ((gnu packages linux)
 #:select (alsa-utils crda eudev e2fsprogs fuse gpm kbd lvm2 rng-tools))
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d8a3ad35ad..b7f9887b30 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -260,28 +260,42 @@ The other options should be self-descriptive."
 (define-record-type* <openssh-configuration>
 openssh-configuration make-openssh-configuration
 openssh-configuration?
- (openssh openssh-configuration-openssh ;package
+ ;; <package>
+ (openssh openssh-configuration-openssh
 (default openssh))
+ ;; string
 (pid-file openssh-configuration-pid-file
 (default "/var/run/sshd.pid"))
- (port-number openssh-configuration-port-number ;integer
+ ;; integer
+ (port-number openssh-configuration-port-number
 (default 22))
- (permit-root-login openssh-configuration-permit-root-login ;Boolean | 'without-password
+ ;; Boolean | 'without-password
+ (permit-root-login openssh-configuration-permit-root-login
 (default #f))
- (allow-empty-passwords? openssh-configuration-allow-empty-passwords? ;Boolean
+ ;; Boolean
+ (allow-empty-passwords? openssh-configuration-allow-empty-passwords?
 (default #f))
- (password-authentication? openssh-configuration-password-authentication? ;Boolean
+ ;; Boolean
+ (password-authentication? openssh-configuration-password-authentication?
 (default #t))
+ ;; Boolean
 (public-key-authentication? openssh-configuration-public-key-authentication?
- (default #t)) ;Boolean
- (x11-forwarding? openssh-configuration-x11-forwarding? ;Boolean
+ (default #t))
+ ;; Boolean
+ (x11-forwarding? openssh-configuration-x11-forwarding?
 (default #f))
+ ;; Boolean
 (challenge-response-authentication? openssh-challenge-response-authentication?
- (default #f)) ;Boolean
+ (default #f))
+ ;; Boolean
 (use-pam? openssh-configuration-use-pam?
- (default #t)) ;Boolean
+ (default #t))
+ ;; Boolean
 (print-last-log? openssh-configuration-print-last-log?
- (default #t))) ;Boolean
+ (default #t))
+ ;; list of two-element lists
+ (subsystems openssh-configuration-subsystems
+ (default '(("sftp" "internal-sftp")))))
 
 (define %openssh-accounts
 (list (user-group (name "sshd") (system? #t))
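Review bot: The new `subsystems` field is documented only as `;; list of two-element lists`, which does not say what the two elements are or how to turn the feature off. Its default `'(("sftp" "internal-sftp"))` means a configuration that never mentions the field now gets a `Subsystem sftp` line, so SFTP is presumably offered to every account that can log in where the previously generated file had no `Subsystem` line at all. I would write the comment as `;; list of (NAME COMMAND) string lists, one 'Subsystem' line each; '() disables all subsystems, including sftp`. The diffstat is limited to gnu/services, so I cannot see whether the manual describes this default; if it does not, it should.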
@@ -316,40 +330,48 @@ The other options should be self-descriptive."
 "Return the sshd configuration file corresponding to CONFIG."
 (computed-file
 "sshd_config"
- #~(call-with-output-file #$output
- (lambda (port)
- (display "# Generated by 'openssh-service'.\n" port)
- (format port "Port ~a\n"
- #$(number->string (openssh-configuration-port-number config)))
- (format port "PermitRootLogin ~a\n"
- #$(match (openssh-configuration-permit-root-login config)
- (#t "yes")
- (#f "no")
- ('without-password "without-password")))
- (format port "PermitEmptyPasswords ~a\n"
- #$(if (openssh-configuration-allow-empty-passwords? config)
- "yes" "no"))
- (format port "PasswordAuthentication ~a\n"
- #$(if (openssh-configuration-password-authentication? config)
- "yes" "no"))
- (format port "PubkeyAuthentication ~a\n"
- #$(if (openssh-configuration-public-key-authentication? config)
- "yes" "no"))
- (format port "X11Forwarding ~a\n"
- #$(if (openssh-configuration-x11-forwarding? config)
- "yes" "no"))
- (format port "PidFile ~a\n"
- #$(openssh-configuration-pid-file config))
- (format port "ChallengeResponseAuthentication ~a\n"
- #$(if (openssh-challenge-response-authentication? config)
- "yes" "no"))
- (format port "UsePAM ~a\n"
- #$(if (openssh-configuration-use-pam? config)
- "yes" "no"))
- (format port "PrintLastLog ~a\n"
- #$(if (openssh-configuration-print-last-log? config)
- "yes" "no"))
- #t))))
+ #~(begin
+ (use-modules (ice-9 match))
+ (call-with-output-file #$output
+ (lambda (port)
+ (display "# Generated by 'openssh-service'.\n" port)
+ (format port "Port ~a\n"
+ #$(number->string
+ (openssh-configuration-port-number config)))
+ (format port "PermitRootLogin ~a\n"
+ #$(match (openssh-configuration-permit-root-login config)
+ (#t "yes")
+ (#f "no")
+ ('without-password "without-password")))
+ (format port "PermitEmptyPasswords ~a\n"
+ #$(if (openssh-configuration-allow-empty-passwords? config)
+ "yes" "no"))
+ (format port "PasswordAuthentication ~a\n"
+ #$(if (openssh-configuration-password-authentication? config)
+ "yes" "no"))
+ (format port "PubkeyAuthentication ~a\n"
+ #$(if (openssh-configuration-public-key-authentication?
+ config)
+ "yes" "no"))
+ (format port "X11Forwarding ~a\n"
+ #$(if (openssh-configuration-x11-forwarding? config)
+ "yes" "no"))
+ (format port "PidFile ~a\n"
+ #$(openssh-configuration-pid-file config))
+ (format port "ChallengeResponseAuthentication ~a\n"
+ #$(if (openssh-challenge-response-authentication? config)
+ "yes" "no"))
+ (format port "UsePAM ~a\n"
+ #$(if (openssh-configuration-use-pam? config)
+ "yes" "no"))
+ (format port "PrintLastLog ~a\n"
+ #$(if (openssh-configuration-print-last-log? config)
+ "yes" "no"))
+ (for-each
+ (match-lambda
+ ((name command) (format port "Subsystem\t~a\t~a\n" name command)))
+ '#$(openssh-configuration-subsystems config))
+ #t)))))
 
 (define (openssh-shepherd-service config)
 "Return a <shepherd-service> for openssh with CONFIG." |
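Review bot: The new `for-each` over `(openssh-configuration-subsystems config)` writes each name and command into sshd_config with `~a` and no validation. A name containing whitespace or a command containing a newline therefore yields malformed or additional directives in the generated file. An entry that is not a two-element list is only caught inside the builder, as an unmatched `match-lambda` clause. Because this file controls how sshd authenticates users, I would check the list on the host side before the gexp is built and fail there with a clear message. The enclosing `define` starts above the hunk, so the check is sketched below as a separate top-level procedure.

```scheme
;; Host-side check of the 'subsystems' field, run before the gexp is built.
(define (check-subsystems subsystems)
  (for-each (match-lambda
              (((? string? name) (? string? command))
               (when (or (string-index name char-set:whitespace)
                         (string-index command #\newline))
                 (error "invalid characters in sshd subsystem entry"
                        name command)))
              (entry
               (error "sshd subsystem entry is not a (NAME COMMAND) list"
                      entry)))
            subsystems)
  subsystems)

;; … unchanged: the other directives written to sshd_config …
                 '#$(check-subsystems
                     (openssh-configuration-subsystems config))
```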