diff options
author | Ricardo Wurmus <rekado@elephly.net> | 2019-01-17 17:53:57 +0100 |
---|---|---|
committer | Ricardo Wurmus <rekado@elephly.net> | 2019-01-17 17:58:35 +0100 |
commit | 65cd70ce42d4a46a65f284cbd1386e3e169383e4 (patch) | |
tree | f43b0087e3f57715ae8a3eae973fa6b177292b79 | |
parent | 3d7ad1dc9f97a07d7fe355dcc9884373b21bca62 (diff) |
services: openssh: Add escape hatch.
* gnu/services/ssh.scm (<openssh-configuration>)[extra-content]: New field.
* doc/guix.texi (Networking Services): Document it.
-rw-r--r-- | doc/guix.texi | 13 | ||||
-rw-r--r-- | gnu/services/ssh.scm | 10 |
2 files changed, 23 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index ee7cf1da14..245a18bc70 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -12644,6 +12644,19 @@ This is a symbol specifying the logging level: @code{quiet}, @code{fatal}, @code{error}, @code{info}, @code{verbose}, @code{debug}, etc. See the man page for @file{sshd_config} for the full list of level names. +@item @code{extra-content} (default: @code{""}) +This field can be used to append arbitrary text to the configuration file. It +is especially useful for elaborate configurations that cannot be expressed +otherwise. This configuration, for example, would generally disable root +logins, but permit them from one specific IP address: + +@example +(openssh-configuration + (extra-content "\ +Match Address 192.168.0.1 + PermitRootLogin yes")) +@end example + @end table @end deftp diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index bb94c5f41a..97b7f3c07b 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2016 David Craven <david@craven.ch> ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu> ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> +;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -323,6 +324,12 @@ The other options should be self-descriptive." (log-level openssh-configuration-log-level (default 'info)) + ;; String + ;; This is an "escape hatch" to provide configuration that isn't yet + ;; supported by this configuration record. + (extra-content openssh-configuration-extra-content + (default "")) + ;; list of user-name/file-like tuples (authorized-keys openssh-authorized-keys (default '())) @@ -471,6 +478,9 @@ of user-name/file-like tuples." (match-lambda ((name command) (format port "Subsystem\t~a\t~a\n" name command))) '#$(openssh-configuration-subsystems config)) + + (format port "~a\n" + #$(openssh-configuration-extra-content config)) #t))))) (define (openssh-shepherd-service config) |