commit afeb76d6287955bc8c638365ebefe71a1fd7302a · pyrox.dev/nixpkgs

+45 -32
nixos/modules/services/networking/ssh/sshd.nix
···

       561
       561
        
             };

     

       562
       562
        
       

     

       563
       563
        
           systemd =

     

       564
       564
       -
             let

     

       565
       565
       -
               service =

     

       566
       566
       -
                 { description = "SSH Daemon";

     

       567
       567
       -
                   wantedBy = lib.optional (!cfg.startWhenNeeded) "multi-user.target";

     

       568
       568
       -
                   after = [ "network.target" "sshd-keygen.service" ];

     

       569
       569
       -
                   wants = [ "sshd-keygen.service" ];

     

       570
       570
       -
                   stopIfChanged = false;

     

       571
       571
       -
                   path = [ cfg.package ];

     

       572
       572
       -
                   environment.LD_LIBRARY_PATH = nssModulesPath;

     

       573
       573
       -
       

     

       574
       574
       -
                   restartTriggers = lib.optionals (!cfg.startWhenNeeded) [

     

       575
       575
       -
                     config.environment.etc."ssh/sshd_config".source

     

       576
       576
       -
                   ];

     

       577
       577
       -
       

     

       578
       578
       -
                   serviceConfig =

     

       579
       579
       -
                     { ExecStart =

     

       580
       580
       -
                         (lib.optionalString cfg.startWhenNeeded "-") +

     

       581
       581
       -
                         "${cfg.package}/bin/sshd " + (lib.optionalString cfg.startWhenNeeded "-i ") +

     

       582
       582
       -
                         "-D " +  # don't detach into a daemon process

     

       583
       583
       -
                         "-f /etc/ssh/sshd_config";

     

       584
       584
       -
                       KillMode = "process";

     

       585
       585
       -
                     } // (if cfg.startWhenNeeded then {

     

       586
       586
       -
                       StandardInput = "socket";

     

       587
       587
       -
                       StandardError = "journal";

     

       588
       588
       -
                     } else {

     

       589
       589
       -
                       Restart = "always";

     

       590
       590
       -
                       Type = "simple";

     

       591
       591
       -
                     });

     

       592
       592
       -
                 };

     

       593
       593
       -
             in

     

       594
       564
        
             {

     

       595
       565
        
               sockets.sshd = lib.mkIf cfg.startWhenNeeded {

     

       596
       566
        
                 description = "SSH Socket";

     
···

       607
       577
        
                   # Prevent brute-force attacks from shutting down socket

     

       608
       578
        
                   socketConfig.TriggerLimitIntervalSec = 0;

     

       609
       579
        
               };

     

       610
       610
       -
               services."sshd@" = lib.mkIf cfg.startWhenNeeded service;

     

       611
       611
       -
               services.sshd = lib.mkIf (! cfg.startWhenNeeded) service;

     

       580
       580
       +
       

     

       581
       581
       +
               services."sshd@" = {

     

       582
       582
       +
                 description = "SSH per-connection Daemon";

     

       583
       583
       +
                 after = [ "network.target" "sshd-keygen.service" ];

     

       584
       584
       +
                 wants = [ "sshd-keygen.service" ];

     

       585
       585
       +
                 stopIfChanged = false;

     

       586
       586
       +
                 path = [ cfg.package ];

     

       587
       587
       +
                 environment.LD_LIBRARY_PATH = nssModulesPath;

     

       588
       588
       +
       

     

       589
       589
       +
                 serviceConfig = {

     

       590
       590
       +
                   Type = "notify";

     

       591
       591
       +
                   ExecStart = lib.concatStringsSep " " [

     

       592
       592
       +
                     "-${lib.getExe' cfg.package "sshd"}"

     

       593
       593
       +
                     "-i"

     

       594
       594
       +
                     "-D"

     

       595
       595
       +
                     "-f /etc/ssh/sshd_config"

     

       596
       596
       +
                   ];

     

       597
       597
       +
                   KillMode = "process";

     

       598
       598
       +
                   StandardInput = "socket";

     

       599
       599
       +
                   StandardError = "journal";

     

       600
       600
       +
                 };

     

       601
       601
       +
               };

     

       602
       602
       +
       

     

       603
       603
       +
               services.sshd = lib.mkIf (! cfg.startWhenNeeded) {

     

       604
       604
       +
                 description = "SSH Daemon";

     

       605
       605
       +
                 wantedBy = [ "multi-user.target" ];

     

       606
       606
       +
                 after = [ "network.target" "sshd-keygen.service" ];

     

       607
       607
       +
                 wants = [ "sshd-keygen.service" ];

     

       608
       608
       +
                 stopIfChanged = false;

     

       609
       609
       +
                 path = [ cfg.package ];

     

       610
       610
       +
                 environment.LD_LIBRARY_PATH = nssModulesPath;

     

       611
       611
       +
       

     

       612
       612
       +
                 restartTriggers = [ config.environment.etc."ssh/sshd_config".source ];

     

       613
       613
       +
       

     

       614
       614
       +
                 serviceConfig = {

     

       615
       615
       +
                   Type = "notify";

     

       616
       616
       +
                   Restart = "always";

     

       617
       617
       +
                   ExecStart = lib.concatStringsSep " " [

     

       618
       618
       +
                     (lib.getExe' cfg.package "sshd")

     

       619
       619
       +
                     "-D"

     

       620
       620
       +
                     "-f" "/etc/ssh/sshd_config"

     

       621
       621
       +
                   ];

     

       622
       622
       +
                   KillMode = "process";

     

       623
       623
       +
                 };

     

       624
       624
       +
               };

     

       612
       625
        
       

     

       613
       626
        
               services.sshd-keygen = {

     

       614
       627
        
                 description = "SSH Host Keys Generation";