From 65cd70ce42d4a46a65f284cbd1386e3e169383e4 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Thu, 17 Jan 2019 17:53:57 +0100 Subject: [PATCH] services: openssh: Add escape hatch. * gnu/services/ssh.scm ()[extra-content]: New field. * doc/guix.texi (Networking Services): Document it. --- doc/guix.texi | 13 +++++++++++++ gnu/services/ssh.scm | 10 ++++++++++ 2 files changed, 23 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index ee7cf1da14..245a18bc70 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -12644,6 +12644,19 @@ This is a symbol specifying the logging level: @code{quiet}, @code{fatal}, @code{error}, @code{info}, @code{verbose}, @code{debug}, etc. See the man page for @file{sshd_config} for the full list of level names. +@item @code{extra-content} (default: @code{""}) +This field can be used to append arbitrary text to the configuration file. It +is especially useful for elaborate configurations that cannot be expressed +otherwise. This configuration, for example, would generally disable root +logins, but permit them from one specific IP address: + +@example +(openssh-configuration + (extra-content "\ +Match Address 192.168.0.1 + PermitRootLogin yes")) +@end example + @end table @end deftp diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index bb94c5f41a..97b7f3c07b 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2016 David Craven ;;; Copyright © 2016 Julien Lepiller ;;; Copyright © 2017 Clément Lassieur +;;; Copyright © 2019 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; @@ -323,6 +324,12 @@ The other options should be self-descriptive." (log-level openssh-configuration-log-level (default 'info)) + ;; String + ;; This is an "escape hatch" to provide configuration that isn't yet + ;; supported by this configuration record. + (extra-content openssh-configuration-extra-content + (default "")) + ;; list of user-name/file-like tuples (authorized-keys openssh-authorized-keys (default '())) @@ -471,6 +478,9 @@ of user-name/file-like tuples." (match-lambda ((name command) (format port "Subsystem\t~a\t~a\n" name command))) '#$(openssh-configuration-subsystems config)) + + (format port "~a\n" + #$(openssh-configuration-extra-content config)) #t))))) (define (openssh-shepherd-service config)