
services: Add 'openssh-service'.

* gnu/packages/ssh.scm (openssh)[arguments]: Set sysconfdir to /etc/ssh.
* gnu/services/ssh.scm (<openssh-configuration>): New record type.
(%openssh-accounts): New variable.
(openssh-activation, openssh-config-file, openssh-shepherd-service)
(openssh-service): New procedures.
(openssh-service-type): New variable.
* doc/guix.texi (Networking Services): Document 'openssh-service'.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Julien Lepiller
2016-08-05 15:20:15 +02:00
committed by Ludovic Courtès
parent 01c5c21a67
commit 86d8f6d3ef
3 changed files with 166 additions and 1 deletions


@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -19,17 +20,25 @@
(define-module (gnu services ssh)
#:use-module (gnu packages ssh)
#:use-module (gnu packages admin)
#:use-module (gnu services)
#:use-module (gnu services shepherd)
#:use-module (gnu system pam)
#:use-module (gnu system shadow)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:export (lsh-configuration
lsh-configuration?
lsh-service
lsh-service-type
openssh-configuration
openssh-configuration?
openssh-service-type
openssh-service
dropbear-configuration
dropbear-configuration?
dropbear-service-type
@@ -244,6 +253,128 @@ The other options should be self-descriptive."
public-key-authentication?)
(initialize? initialize?))))
;;;
;;; OpenSSH.
;;;
(define-record-type* <openssh-configuration>
openssh-configuration make-openssh-configuration
openssh-configuration?
(pid-file openssh-configuration-pid-file) ;string
(port-number openssh-configuration-port-number) ;integer
(permit-root-login openssh-configuration-permit-root-login) ;Boolean | 'without-password
(allow-empty-passwords? openssh-configuration-allow-empty-passwords?) ;Boolean
(password-authentication? openssh-configuration-password-authentication?) ;Boolean
(pubkey-authentication? openssh-configuration-pubkey-authentication?) ;Boolean
(rsa-authentication? openssh-configuration-rsa-authentication?) ;Boolean
(x11-forwarding? openssh-configuration-x11-forwarding?) ;Boolean
(protocol-number openssh-configuration-protocol-number)) ;integer
(define %openssh-accounts
(list (user-group (name "sshd") (system? #t))
(user-account
(name "sshd")
(group "sshd")
(system? #t)
(comment "sshd privilege separation user")
(home-directory "/var/run/sshd")
(shell #~(string-append #$shadow "/sbin/nologin")))))
(define (openssh-activation config)
"Return the activation GEXP for CONFIG."
#~(begin
(mkdir-p "/etc/ssh")
(mkdir-p (dirname #$(openssh-configuration-pid-file config)))
;; Generate missing host keys.
(system* (string-append #$openssh "/bin/ssh-keygen") "-A")))
(define (openssh-config-file config)
"Return the sshd configuration file corresponding to CONFIG."
(computed-file
"sshd_config"
#~(call-with-output-file #$output
(lambda (port)
(display "# Generated by 'openssh-service'.\n" port)
(format port "Protocol ~a\n"
#$(if (eq? (openssh-configuration-protocol-number config) 1)
"1" "2"))
(format port "Port ~a\n"
#$(number->string (openssh-configuration-port-number config)))
(format port "PermitRootLogin ~a\n"
#$(match (openssh-configuration-permit-root-login config)
(#t "yes")
(#f "no")
('without-password "without-password")))
(format port "PermitEmptyPasswords ~a\n"
#$(if (openssh-configuration-allow-empty-passwords? config)
"yes" "no"))
(format port "PasswordAuthentication ~a\n"
#$(if (openssh-configuration-password-authentication? config)
"yes" "no"))
(format port "PubkeyAuthentication ~a\n"
#$(if (openssh-configuration-pubkey-authentication? config)
"yes" "no"))
(format port "RSAAuthentication ~a\n"
#$(if (openssh-configuration-rsa-authentication? config)
"yes" "no"))
(format port "X11Forwarding ~a\n"
#$(if (openssh-configuration-x11-forwarding? config)
"yes" "no"))
(format port "PidFile ~a\n"
#$(openssh-configuration-pid-file config))
#t))))
(define (openssh-shepherd-service config)
"Return a <shepherd-service> for openssh with CONFIG."
(define pid-file
(openssh-configuration-pid-file config))
(define openssh-command
#~(list (string-append #$openssh "/sbin/sshd")
"-D" "-f" #$(openssh-config-file config)))
(list (shepherd-service
(documentation "OpenSSH server.")
(requirement '(networking syslogd))
(provision '(ssh-daemon))
(start #~(make-forkexec-constructor #$openssh-command
#:pid-file #$pid-file))
(stop #~(make-kill-destructor)))))
(define openssh-service-type
(service-type (name 'openssh)
(extensions
(list (service-extension shepherd-root-service-type
openssh-shepherd-service)
(service-extension activation-service-type
openssh-activation)
(service-extension account-service-type
(const %openssh-accounts))))))
(define* (openssh-service #:key
(pid-file "/var/run/sshd.pid")
(port-number 22)
(permit-root-login 'without-password)
(allow-empty-passwords? #f)
(password-authentication? #t)
(pubkey-authentication? #t)
(rsa-authentication? #t)
(x11-forwarding? #f)
(protocol-number 2))
(service openssh-service-type (openssh-configuration
(pid-file pid-file)
(port-number port-number)
(permit-root-login permit-root-login)
(allow-empty-passwords? allow-empty-passwords?)
(password-authentication? password-authentication?)
(pubkey-authentication? pubkey-authentication?)
(rsa-authentication? rsa-authentication?)
(x11-forwarding? x11-forwarding?)
(protocol-number protocol-number))))
;;;
;;; Dropbear.