authorRicardo Wurmus <rekado@elephly.net>2019-01-17 17:53:57 +0100
committerRicardo Wurmus <rekado@elephly.net>2019-01-17 17:58:35 +0100
commit65cd70ce42d4a46a65f284cbd1386e3e169383e4 (patch)
treef43b0087e3f57715ae8a3eae973fa6b177292b79
parent3d7ad1dc9f97a07d7fe355dcc9884373b21bca62 (diff)
services: openssh: Add escape hatch.
* gnu/services/ssh.scm (<openssh-configuration>)[extra-content]: New field. * doc/guix.texi (Networking Services): Document it.
-rw-r--r--doc/guix.texi13
-rw-r--r--gnu/services/ssh.scm10
2 files changed, 23 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index ee7cf1da14..245a18bc70 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -12644,6 +12644,19 @@ This is a symbol specifying the logging level: @code{quiet}, @code{fatal},
@code{error}, @code{info}, @code{verbose}, @code{debug}, etc. See the man
page for @file{sshd_config} for the full list of level names.
+@item @code{extra-content} (default: @code{""})
+This field can be used to append arbitrary text to the configuration file. It
+is especially useful for elaborate configurations that cannot be expressed
+otherwise. This configuration, for example, would generally disable root
+logins, but permit them from one specific IP address:
+
+@example
+(openssh-configuration
+ (extra-content "\
+Match Address 192.168.0.1
+ PermitRootLogin yes"))
+@end example
+
@end table
@end deftp
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index bb94c5f41a..97b7f3c07b 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -323,6 +324,12 @@ The other options should be self-descriptive."
(log-level openssh-configuration-log-level
(default 'info))
+ ;; String
+ ;; This is an "escape hatch" to provide configuration that isn't yet
+ ;; supported by this configuration record.
+ (extra-content openssh-configuration-extra-content
+ (default ""))
+
;; list of user-name/file-like tuples
(authorized-keys openssh-authorized-keys
(default '()))
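Review bot: The comment on the new `extra-content` field explains why the field exists but not how the string is used, and that matters because it bypasses every typed field of the record. Judging from the later hunk in this file, the string is written unmodified as the last thing in the generated sshd_config, so someone auditing only the record's typed fields no longer sees the effective policy. I would extend the comment to something like `;; String, appended verbatim and unvalidated at the end of sshd_config; Match blocks placed here can relax the settings above.` The `<openssh-configuration>` record definition starts and ends outside this hunk.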
@@ -471,6 +478,9 @@ of user-name/file-like tuples."
(match-lambda
((name command) (format port "Subsystem\t~a\t~a\n" name command)))
'#$(openssh-configuration-subsystems config))
+
+ (format port "~a\n"
+ #$(openssh-configuration-extra-content config))
#t)))))
(define (openssh-shepherd-service config)
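Review bot: Appending `extra-content` after the generated directives means sshd's first-value-wins rule applies: a global keyword repeated in the string is silently ignored if an earlier `format` call in this procedure (outside the hunk) already wrote it, and only keywords inside a `Match` block can override. Nothing visible here checks the text, so a typo would presumably surface only when sshd refuses to start, which on a remote machine can mean losing access. A short comment above the call would help, for example `;; Written last: sshd keeps the first value of each keyword, so only Match blocks or keywords not set above take effect.` If the build environment allows it, testing the generated file with `sshd -t -f` before activation would catch syntax errors early. The enclosing procedure begins outside this hunk.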