commit 396f4f05b9c7dc15a3cf36cba246c32088e37c32 · pyrox.dev/nixpkgs

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

···

       322
       322
        
             </listitem>

     

       323
       323
        
             <listitem>

     

       324
       324
        
               <para>

     

       325
       325
       +
                 <link xlink:href="https://github.com/tmate-io/tmate-ssh-server">tmate-ssh-server</link>,

     

       326
       326
       +
                 server side part of

     

       327
       327
       +
                 <link xlink:href="https://tmate.io/">tmate</link>. Available

     

       328
       328
       +
                 as

     

       329
       329
       +
                 <link linkend="opt-services.tmate-ssh-server.enable">services.tmate-ssh-server</link>.

     

       330
       330
       +
               </para>

     

       331
       331
       +
             </listitem>

     

       332
       332
       +
             <listitem>

     

       333
       333
       +
               <para>

     

       325
       334
        
                 <link xlink:href="https://www.grafana.com/oss/tempo/">Grafana

     

       326
       335
        
                 Tempo</link>, a distributed tracing store. Available as

     

       327
       336
        
                 <link linkend="opt-services.tempo.enable">services.tempo</link>.

nixos/doc/manual/release-notes/rl-2211.section.md

···

       110
       110
        
       

     

       111
       111
        
       - [go-autoconfig](https://github.com/L11R/go-autoconfig), IMAP/SMTP autodiscover server. Available as [services.go-autoconfig](#opt-services.go-autoconfig.enable).

     

       112
       112
        
       

     

       113
       113
       +
       - [tmate-ssh-server](https://github.com/tmate-io/tmate-ssh-server), server side part of [tmate](https://tmate.io/). Available as [services.tmate-ssh-server](#opt-services.tmate-ssh-server.enable).

     

       114
       114
       +
       

     

       113
       115
        
       - [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).

     

       114
       116
        
       

     

       115
       117
        
       - [AusweisApp2](https://www.ausweisapp.bund.de/), the authentication software for the German ID card. Available as [programs.ausweisapp](#opt-programs.ausweisapp.enable).

nixos/modules/module-list.nix

···

       960
       960
        
         ./services/networking/tinc.nix

     

       961
       961
        
         ./services/networking/tinydns.nix

     

       962
       962
        
         ./services/networking/tftpd.nix

     

       963
       963
       +
         ./services/networking/tmate-ssh-server.nix

     

       963
       964
        
         ./services/networking/trickster.nix

     

       964
       965
        
         ./services/networking/tox-bootstrapd.nix

     

       965
       966
        
         ./services/networking/tox-node.nix

+122

nixos/modules/services/networking/tmate-ssh-server.nix

···

       1
       1
       +
       { config, lib, pkgs, ... }:

     

       2
       2
       +
       with lib;

     

       3
       3
       +
       let

     

       4
       4
       +
         cfg = config.services.tmate-ssh-server;

     

       5
       5
       +
       

     

       6
       6
       +
         defaultKeysDir = "/etc/tmate-ssh-server-keys";

     

       7
       7
       +
         edKey = "${defaultKeysDir}/ssh_host_ed25519_key";

     

       8
       8
       +
         rsaKey = "${defaultKeysDir}/ssh_host_rsa_key";

     

       9
       9
       +
       

     

       10
       10
       +
         keysDir =

     

       11
       11
       +
           if cfg.keysDir == null

     

       12
       12
       +
           then defaultKeysDir

     

       13
       13
       +
           else cfg.keysDir;

     

       14
       14
       +
       

     

       15
       15
       +
         domain = config.networking.domain;

     

       16
       16
       +
       in

     

       17
       17
       +
       {

     

       18
       18
       +
         options.services.tmate-ssh-server = {

     

       19
       19
       +
           enable = mkEnableOption (mdDoc "tmate ssh server");

     

       20
       20
       +
       

     

       21
       21
       +
           package = mkOption {

     

       22
       22
       +
             type = types.package;

     

       23
       23
       +
             description = mdDoc "The package containing tmate-ssh-server";

     

       24
       24
       +
             defaultText = literalExpression "pkgs.tmate-ssh-server";

     

       25
       25
       +
             default = pkgs.tmate-ssh-server;

     

       26
       26
       +
           };

     

       27
       27
       +
       

     

       28
       28
       +
           host = mkOption {

     

       29
       29
       +
             type = types.str;

     

       30
       30
       +
             description = mdDoc "External host name";

     

       31
       31
       +
             defaultText = lib.literalExpression "config.networking.domain or config.networking.hostName ";

     

       32
       32
       +
             default =

     

       33
       33
       +
               if domain == null then

     

       34
       34
       +
                 config.networking.hostName

     

       35
       35
       +
               else

     

       36
       36
       +
                 domain;

     

       37
       37
       +
           };

     

       38
       38
       +
       

     

       39
       39
       +
           port = mkOption {

     

       40
       40
       +
             type = types.port;

     

       41
       41
       +
             description = mdDoc "Listen port for the ssh server";

     

       42
       42
       +
             default = 2222;

     

       43
       43
       +
           };

     

       44
       44
       +
       

     

       45
       45
       +
           openFirewall = mkOption {

     

       46
       46
       +
             type = types.bool;

     

       47
       47
       +
             default = true;

     

       48
       48
       +
             description = mdDoc "Whether to automatically open the specified ports in the firewall.";

     

       49
       49
       +
           };

     

       50
       50
       +
       

     

       51
       51
       +
           advertisedPort = mkOption {

     

       52
       52
       +
             type = types.port;

     

       53
       53
       +
             description = mdDoc "External port advertised to clients";

     

       54
       54
       +
           };

     

       55
       55
       +
       

     

       56
       56
       +
           keysDir = mkOption {

     

       57
       57
       +
             type = with types; nullOr str;

     

       58
       58
       +
             description = mdDoc "Directory containing ssh keys, defaulting to auto-generation";

     

       59
       59
       +
             default = null;

     

       60
       60
       +
           };

     

       61
       61
       +
         };

     

       62
       62
       +
       

     

       63
       63
       +
         config = mkIf cfg.enable {

     

       64
       64
       +
       

     

       65
       65
       +
           networking.firewall.allowedTCPPorts = optionals cfg.openFirewall [ cfg.port ];

     

       66
       66
       +
       

     

       67
       67
       +
           services.tmate-ssh-server = {

     

       68
       68
       +
             advertisedPort = mkDefault cfg.port;

     

       69
       69
       +
           };

     

       70
       70
       +
       

     

       71
       71
       +
           environment.systemPackages =

     

       72
       72
       +
             let

     

       73
       73
       +
               tmate-config = pkgs.writeText "tmate.conf"

     

       74
       74
       +
                 ''

     

       75
       75
       +
                   set -g tmate-server-host "${cfg.host}"

     

       76
       76
       +
                   set -g tmate-server-port ${toString cfg.port}

     

       77
       77
       +
                   set -g tmate-server-ed25519-fingerprint "@ed25519_fingerprint@"

     

       78
       78
       +
                   set -g tmate-server-rsa-fingerprint "@rsa_fingerprint@"

     

       79
       79
       +
                 '';

     

       80
       80
       +
             in

     

       81
       81
       +
             [

     

       82
       82
       +
               (pkgs.writeShellApplication {

     

       83
       83
       +
                 name = "tmate-client-config";

     

       84
       84
       +
                 runtimeInputs = with pkgs;[ openssh coreutils sd ];

     

       85
       85
       +
                 text = ''

     

       86
       86
       +
                   RSA_SIG="$(ssh-keygen -l -E SHA256 -f "${keysDir}/ssh_host_rsa_key.pub" | cut -d ' ' -f 2)"

     

       87
       87
       +
                   ED25519_SIG="$(ssh-keygen -l -E SHA256 -f "${keysDir}/ssh_host_ed25519_key.pub" | cut -d ' ' -f 2)"

     

       88
       88
       +
                   sd -sp '@ed25519_fingerprint@' "$ED25519_SIG" ${tmate-config} | \

     

       89
       89
       +
                     sd -sp '@rsa_fingerprint@' "$RSA_SIG"

     

       90
       90
       +
                 '';

     

       91
       91
       +
               })

     

       92
       92
       +
             ];

     

       93
       93
       +
       

     

       94
       94
       +
           systemd.services.tmate-ssh-server = {

     

       95
       95
       +
             description = "tmate SSH Server";

     

       96
       96
       +
             after = [ "network.target" ];

     

       97
       97
       +
             wantedBy = [ "multi-user.target" ];

     

       98
       98
       +
             serviceConfig = {

     

       99
       99
       +
               ExecStart = "${cfg.package}/bin/tmate-ssh-server -h ${cfg.host} -p ${toString cfg.port} -q ${toString cfg.advertisedPort} -k ${keysDir}";

     

       100
       100
       +
             };

     

       101
       101
       +
             preStart = mkIf (cfg.keysDir == null) ''

     

       102
       102
       +
               if [[ ! -d ${defaultKeysDir} ]]

     

       103
       103
       +
               then

     

       104
       104
       +
                 mkdir -p ${defaultKeysDir}

     

       105
       105
       +
               fi

     

       106
       106
       +
               if [[ ! -f ${edKey} ]]

     

       107
       107
       +
               then

     

       108
       108
       +
                 ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f ${edKey} -N ""

     

       109
       109
       +
               fi

     

       110
       110
       +
               if [[ ! -f ${rsaKey} ]]

     

       111
       111
       +
               then

     

       112
       112
       +
                 ${pkgs.openssh}/bin/ssh-keygen -t rsa -f ${rsaKey} -N ""

     

       113
       113
       +
               fi

     

       114
       114
       +
             '';

     

       115
       115
       +
           };

     

       116
       116
       +
         };

     

       117
       117
       +
       

     

       118
       118
       +
         meta = {

     

       119
       119
       +
           maintainers = with maintainers; [ jlesquembre ];

     

       120
       120
       +
         };

     

       121
       121
       +
       

     

       122
       122
       +
       }

nixos/tests/all-tests.nix

···

       626
       626
        
         tinc = handleTest ./tinc {};

     

       627
       627
        
         tinydns = handleTest ./tinydns.nix {};

     

       628
       628
        
         tinywl = handleTest ./tinywl.nix {};

     

       629
       629
       +
         tmate-ssh-server = handleTest ./tmate-ssh-server.nix { };

     

       629
       630
        
         tomcat = handleTest ./tomcat.nix {};

     

       630
       631
        
         tor = handleTest ./tor.nix {};

     

       631
       632
        
         # traefik test relies on docker-containers

+73

nixos/tests/tmate-ssh-server.nix

···

       1
       1
       +
       import ./make-test-python.nix ({ pkgs, lib, ... }:

     

       2
       2
       +
       let

     

       3
       3
       +
         inherit (import ./ssh-keys.nix pkgs)

     

       4
       4
       +
           snakeOilPrivateKey snakeOilPublicKey;

     

       5
       5
       +
       

     

       6
       6
       +
         setUpPrivateKey = name: ''

     

       7
       7
       +
           ${name}.succeed(

     

       8
       8
       +
               "mkdir -p /root/.ssh",

     

       9
       9
       +
               "chown 700 /root/.ssh",

     

       10
       10
       +
               "cat '${snakeOilPrivateKey}' > /root/.ssh/id_snakeoil",

     

       11
       11
       +
               "chown 600 /root/.ssh/id_snakeoil",

     

       12
       12
       +
           )

     

       13
       13
       +
           ${name}.wait_for_file("/root/.ssh/id_snakeoil")

     

       14
       14
       +
         '';

     

       15
       15
       +
       

     

       16
       16
       +
         sshOpts = "-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oIdentityFile=/root/.ssh/id_snakeoil";

     

       17
       17
       +
       

     

       18
       18
       +
       in

     

       19
       19
       +
       {

     

       20
       20
       +
         name = "tmate-ssh-server";

     

       21
       21
       +
         nodes =

     

       22
       22
       +
           {

     

       23
       23
       +
             server = { ... }: {

     

       24
       24
       +
               services.tmate-ssh-server = {

     

       25
       25
       +
                 enable = true;

     

       26
       26
       +
                 port = 2223;

     

       27
       27
       +
               };

     

       28
       28
       +
             };

     

       29
       29
       +
             client = { ... }: {

     

       30
       30
       +
               environment.systemPackages = [ pkgs.tmate ];

     

       31
       31
       +
               services.openssh.enable = true;

     

       32
       32
       +
               users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];

     

       33
       33
       +
             };

     

       34
       34
       +
             client2 = { ... }: {

     

       35
       35
       +
               environment.systemPackages = [ pkgs.openssh ];

     

       36
       36
       +
             };

     

       37
       37
       +
           };

     

       38
       38
       +
         testScript = ''

     

       39
       39
       +
           start_all()

     

       40
       40
       +
       

     

       41
       41
       +
           server.wait_for_unit("tmate-ssh-server.service")

     

       42
       42
       +
           server.wait_for_open_port(2223)

     

       43
       43
       +
           server.wait_for_file("/etc/tmate-ssh-server-keys/ssh_host_ed25519_key.pub")

     

       44
       44
       +
           server.wait_for_file("/etc/tmate-ssh-server-keys/ssh_host_rsa_key.pub")

     

       45
       45
       +
           server.succeed("tmate-client-config > /tmp/tmate.conf")

     

       46
       46
       +
           server.wait_for_file("/tmp/tmate.conf")

     

       47
       47
       +
       

     

       48
       48
       +
           ${setUpPrivateKey "server"}

     

       49
       49
       +
           client.wait_for_unit("sshd.service")

     

       50
       50
       +
           client.wait_for_open_port(22)

     

       51
       51
       +
           server.succeed("scp ${sshOpts} /tmp/tmate.conf client:/tmp/tmate.conf")

     

       52
       52
       +
       

     

       53
       53
       +
           client.wait_for_file("/tmp/tmate.conf")

     

       54
       54
       +
           client.send_chars("root\n")

     

       55
       55
       +
           client.sleep(2)

     

       56
       56
       +
           client.send_chars("tmate -f /tmp/tmate.conf\n")

     

       57
       57
       +
           client.sleep(2)

     

       58
       58
       +
           client.send_chars("q")

     

       59
       59
       +
           client.sleep(2)

     

       60
       60
       +
           client.send_chars("tmate display -p '#{tmate_ssh}' > /tmp/ssh_command\n")

     

       61
       61
       +
           client.wait_for_file("/tmp/ssh_command")

     

       62
       62
       +
           ssh_cmd = client.succeed("cat /tmp/ssh_command")

     

       63
       63
       +
       

     

       64
       64
       +
           client2.succeed("mkdir -p ~/.ssh; ssh-keyscan -p 2223 server > ~/.ssh/known_hosts")

     

       65
       65
       +
           client2.send_chars("root\n")

     

       66
       66
       +
           client2.sleep(2)

     

       67
       67
       +
           client2.send_chars(ssh_cmd.strip() + "\n")

     

       68
       68
       +
           client2.sleep(2)

     

       69
       69
       +
           client2.send_chars("touch /tmp/client_2\n")

     

       70
       70
       +
       

     

       71
       71
       +
           client.wait_for_file("/tmp/client_2")

     

       72
       72
       +
         '';

     

       73
       73
       +
       })

+24 -9

pkgs/servers/tmate-ssh-server/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, autoreconfHook, cmake, libtool, pkg-config

     

       2
       2
       -
       , zlib, openssl, libevent, ncurses, ruby, msgpack, libssh }:

     

       1
       1
       +
       { lib

     

       2
       2
       +
       , stdenv

     

       3
       3
       +
       , fetchFromGitHub

     

       4
       4
       +
       , autoreconfHook

     

       5
       5
       +
       , cmake

     

       6
       6
       +
       , libtool

     

       7
       7
       +
       , pkg-config

     

       8
       8
       +
       , zlib

     

       9
       9
       +
       , openssl

     

       10
       10
       +
       , libevent

     

       11
       11
       +
       , ncurses

     

       12
       12
       +
       , ruby

     

       13
       13
       +
       , msgpack

     

       14
       14
       +
       , libssh

     

       15
       15
       +
       , nixosTests

     

       16
       16
       +
       }:

     

       3
       17
        
       

     

       4
       18
        
       stdenv.mkDerivation rec {

     

       5
       19
        
         pname = "tmate-ssh-server";

     

       6
       20
        
         version = "unstable-2021-10-17";

     

       7
       21
        
       

     

       8
       22
        
         src = fetchFromGitHub {

     

       9
       9
       -
           owner  = "tmate-io";

     

       10
       10
       -
           repo   = "tmate-ssh-server";

     

       11
       11
       -
           rev    = "1f314123df2bb29cb07427ed8663a81c8d9034fd";

     

       23
       23
       +
           owner = "tmate-io";

     

       24
       24
       +
           repo = "tmate-ssh-server";

     

       25
       25
       +
           rev = "1f314123df2bb29cb07427ed8663a81c8d9034fd";

     

       12
       26
        
           sha256 = "sha256-9/xlMvtkNWUBRYYnJx20qEgtEcjagH2NtEKZcDOM1BY=";

     

       13
       27
        
         };

     

       14
       28
        
       

     
···

       17
       31
        
         buildInputs = [ libtool zlib openssl libevent ncurses ruby msgpack libssh ];

     

       18
       32
        
         nativeBuildInputs = [ autoreconfHook cmake pkg-config ];

     

       19
       33
        
       

     

       34
       34
       +
         passthru.tests.tmate-ssh-server = nixosTests.tmate-ssh-server;

     

       35
       35
       +
       

     

       20
       36
        
         meta = with lib; {

     

       21
       21
       -
           homepage    = "https://tmate.io/";

     

       37
       37
       +
           homepage = "https://tmate.io/";

     

       22
       38
        
           description = "tmate SSH Server";

     

       23
       23
       -
           license     = licenses.mit;

     

       24
       24
       -
           platforms   = platforms.unix;

     

       39
       39
       +
           license = licenses.mit;

     

       40
       40
       +
           platforms = platforms.unix;

     

       25
       41
        
           maintainers = with maintainers; [ ck3d ];

     

       26
       42
        
         };

     

       27
       43
        
       }

     

       28
       28
       -