diff options
author | Shea Levy <shea@shealevy.com> | 2018-02-28 17:04:19 -0500 |
---|---|---|
committer | Shea Levy <shea@shealevy.com> | 2018-02-28 17:04:19 -0500 |
commit | 5ff15fbf7d3b6e8eb9aac982459ebd8d081c97f0 (patch) | |
tree | e0787a65884e787b731778cfb3c168822eecccd9 /nixos/modules/services | |
parent | bddc23b13461f2d953309144af73a357fe5ffa92 (diff) | |
parent | 4de72b90f36641c81b19b44b4de0b63cabbf83aa (diff) | |
download | nixlib-5ff15fbf7d3b6e8eb9aac982459ebd8d081c97f0.tar nixlib-5ff15fbf7d3b6e8eb9aac982459ebd8d081c97f0.tar.gz nixlib-5ff15fbf7d3b6e8eb9aac982459ebd8d081c97f0.tar.bz2 nixlib-5ff15fbf7d3b6e8eb9aac982459ebd8d081c97f0.tar.lz nixlib-5ff15fbf7d3b6e8eb9aac982459ebd8d081c97f0.tar.xz nixlib-5ff15fbf7d3b6e8eb9aac982459ebd8d081c97f0.tar.zst nixlib-5ff15fbf7d3b6e8eb9aac982459ebd8d081c97f0.zip |
Merge branch 'nix-ssh-ng'
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/misc/nix-ssh-serve.nix | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix index 66148431709f..5bd9cf9086f1 100644 --- a/nixos/modules/services/misc/nix-ssh-serve.nix +++ b/nixos/modules/services/misc/nix-ssh-serve.nix @@ -1,8 +1,12 @@ { config, lib, pkgs, ... }: with lib; - -{ +let cfg = config.nix.sshServe; + command = + if cfg.protocol == "ssh" + then "nix-store --serve" + else "nix-daemon --stdio"; +in { options = { nix.sshServe = { @@ -10,7 +14,7 @@ with lib; enable = mkOption { type = types.bool; default = false; - description = "Whether to enable serving the Nix store as a binary cache via SSH."; + description = "Whether to enable serving the Nix store as a remote store via SSH."; }; keys = mkOption { @@ -20,14 +24,20 @@ with lib; description = "A list of SSH public keys allowed to access the binary cache via SSH."; }; + protocol = mkOption { + type = types.enum [ "ssh" "ssh-ng" ]; + default = "ssh"; + description = "The specific Nix-over-SSH protocol to use."; + }; + }; }; - config = mkIf config.nix.sshServe.enable { + config = mkIf cfg.enable { users.extraUsers.nix-ssh = { - description = "Nix SSH substituter user"; + description = "Nix SSH store user"; uid = config.ids.uids.nix-ssh; useDefaultShell = true; }; @@ -41,11 +51,11 @@ with lib; PermitTTY no PermitTunnel no X11Forwarding no - ForceCommand ${config.nix.package.out}/bin/nix-store --serve + ForceCommand ${config.nix.package.out}/bin/${command} Match All ''; - users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys; + users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = cfg.keys; }; } |