author | Peter Simons <simons@cryp.to> | 2015-05-22 20:51:42 +0200 |
---|---|---|
committer | Peter Simons <simons@cryp.to> | 2015-05-22 20:51:42 +0200 |
commit | 50fa9d8eeab5e90e8d673c5d65a0af2a7c57b2fe (patch) | |
tree | 7f841218364da5f890a7c72880bc339ed0e1c9c2 /nixos | |
parent | 06f3c4dba547835cc18228fc84814c9f53a96748 (diff) | |
parent | 86d299bc6ec739702c5c8d2aae3e2d6b2bb94b1e (diff) | |
Merge pull request #7941 from peti/allow-custom-ssh-moduli-file
nixos: add config.services.openssh.moduliFile option so that users can replace the default file from OpenSSH
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 6cc86b4e4b5..14d516ddbb6 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -268,6 +268,16 @@ in }; }; + moduliFile = mkOption { + example = "services.openssh.moduliFile = /etc/my-local-ssh-moduli;"; + type = types.path; + description = '' + Path to <literal>moduli</literal> file to install in + <literal>/etc/ssh/moduli</literal>. If this option is unset, then + the <literal>moduli</literal> file shipped with OpenSSH will be used. + ''; + }; + }; users.extraUsers = mkOption { @@ -286,8 +296,10 @@ in description = "SSH privilege separation user"; }; + services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli"; + environment.etc = authKeysFiles ++ [ - { source = "${cfgc.package}/etc/ssh/moduli"; + { source = cfg.moduliFile; target = "ssh/moduli"; } { text = knownHostsText; |
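Review bot: The new `moduliFile` option's description says where the file is installed but not what it controls, and its `example` is a whole assignment inside a string rather than a value. The moduli file supplies the Diffie-Hellman group-exchange primes sshd offers, so a replacement with small or unscreened primes weakens key exchange for every connection that negotiates group exchange. I would add a sentence to the description such as `The file provides the Diffie-Hellman group-exchange moduli used by sshd; see moduli(5) and generate and screen replacements with ssh-keygen(1).` and change the example to `example = "/etc/my-local-ssh-moduli";`. No `default` is declared on the option itself (it is set with `mkDefault` in the second hunk), so the generated option documentation will presumably not show which file is used when the option is unset.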
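Review bot: Nothing in the second hunk checks that the file behind `cfg.moduliFile` is a usable moduli file before it is linked to `ssh/moduli` in `environment.etc`. sshd falls back to its built-in fixed groups when the file contains no usable entries, so an empty or truncated replacement changes the key-exchange parameters without any error at build or activation time. At minimum, record that next to the entry, for example `# not validated here: sshd falls back to fixed groups if this file has no usable moduli`. The `environment.etc` list and the surrounding config block start and end outside the hunk, so I cannot tell whether the `mkDefault` line sits under the module's enable condition.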