ssh service: add sftpFlags option

This commit is contained in:
Franz Pletz 2017-09-18 21:43:16 +02:00
parent a796d692c4
commit dc08dcf6e7
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4

View File

@ -103,6 +103,15 @@ in
'';
};
sftpFlags = mkOption {
type = with types; listOf str;
default = [];
example = [ "-f AUTHPRIV" "-l INFO" ];
description = ''
Commandline flags to add to sftp-server.
'';
};
permitRootLogin = mkOption {
default = "prohibit-password";
type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"];
@ -208,7 +217,7 @@ in
};
moduliFile = mkOption {
example = "services.openssh.moduliFile = /etc/my-local-ssh-moduli;";
example = "/etc/my-local-ssh-moduli;";
type = types.path;
description = ''
Path to <literal>moduli</literal> file to install in
@ -338,7 +347,7 @@ in
''}
${optionalString cfg.allowSFTP ''
Subsystem sftp ${cfgc.package}/libexec/sftp-server
Subsystem sftp ${cfgc.package}/libexec/sftp-server ${concatStringsSep " " cfg.sftpFlags}
''}
PermitRootLogin ${cfg.permitRootLogin}