liminix/modules/ssh/ssh.nix

42 lines
1.2 KiB
Nix
Raw Normal View History

2023-08-10 23:53:21 +02:00
{
liminix
, dropbear
, serviceFns
, lib
}:
p :
let
inherit (liminix.services) longrun;
inherit (lib) concatStringsSep;
options =
[
"-e" # pass environment to child
"-E" # log to stderr
"-R" # create hostkeys if needed
"-P /run/dropbear.pid"
"-F" # don't fork into background
] ++
(lib.optional (! p.allowRoot) "-w") ++
(lib.optional (! p.allowPasswordLogin) "-s") ++
(lib.optional (! p.allowPasswordLoginForRoot) "-g") ++
(lib.optional (! p.allowLocalPortForward) "-j") ++
(lib.optional (! p.allowRemotePortForward) "-k") ++
(lib.optional (! p.allowRemoteConnectionToForwardedPorts) "-a") ++
[(if p.address != null
then "-p ${p.address}:${p.port}"
else "-p ${builtins.toString p.port}")] ++
[p.extraConfig];
in
longrun {
name = "sshd";
2024-02-13 23:12:26 +01:00
# we need /run/dropbear to point to hostkey storage, as that
# pathname is hardcoded into the binary.
2023-08-10 23:53:21 +02:00
# env -i clears the environment so we don't pass anything weird to
# ssh sessions
run = ''
2024-02-13 23:12:26 +01:00
ln -s $(mkstate dropbear) /run
2023-08-10 23:53:21 +02:00
. /etc/profile # sets PATH but do we need this? it's the same file as ashrc
exec env -i ENV=/etc/ashrc PATH=$PATH ${dropbear}/bin/dropbear ${concatStringsSep " " options}
'';
}