From: David Craven <david@craven.ch>
To: guix-devel@gnu.org
Cc: David Craven <david@craven.ch>
Subject: [PATCH 2/2] services: Add 'dropbear-service'.
Date: Wed, 13 Jul 2016 18:13:12 +0200	[thread overview]
Message-ID: <20160713161312.20282-3-david@craven.ch> (raw)
In-Reply-To: <20160713161312.20282-1-david@craven.ch>

* gnu/services/ssh.scm (dropbear-service, ...): New variables.
* doc/guix.texi: New node.
---
 doc/guix.texi        | 18 +++++++++++-
 gnu/services/ssh.scm | 83 +++++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 96 insertions(+), 5 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 67ece1d..5c501bf 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7738,7 +7738,7 @@ In addition, @var{extra-settings} specifies a string to append to the
 configuration file.
 @end deffn
 
-Furthermore, @code{(gnu services ssh)} provides the following service.
+Furthermore, @code{(gnu services ssh)} provides the following services.
 
 @deffn {Scheme Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
        [#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @
@@ -7776,6 +7776,22 @@ root.
 The other options should be self-descriptive.
 @end deffn
 
+@deffn {Scheme Procedure} dropbear-service @
+       [#:port-number 22] [#:root-login? #f] @
+       [#:allow-empty-passwords? #f] @
+       [#:password-authentication? #t] @
+       [#:syslog-output? #t]
+Run the @command{dropbear} program from @var{dropbear} to listen on port @var{port-number}.
+
+By default dropbear logs its output to syslogd, unless @var{syslog-output?} is
+set to false. This also makes dropbear-service depend on existence of syslogd
+service.
+
+@var{allow-empty-passwords?} specifies whether to accept connections to accounts
+with empty passwords, and @var{root-login?} specifies whether to accept logging in
+with the root account.
+@end deffn
+
 @defvr {Scheme Variable} %facebook-host-aliases
 This variable contains a string for use in @file{/etc/hosts}
 (@pxref{Host Names,,, libc, The GNU C Library Reference Manual}).  Each
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 1eb9382..bf7a5e2 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -17,14 +17,15 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu services ssh)
-  #:use-module (guix gexp)
-  #:use-module (guix records)
+  #:use-module (gnu packages ssh)
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
-  #:use-module (gnu packages ssh)
+  #:use-module (guix gexp)
+  #:use-module (guix records)
   #:use-module (srfi srfi-26)
-  #:export (lsh-service))
+  #:export (dropbear-service
+            lsh-service))
 
 ;;; Commentary:
 ;;;
@@ -235,4 +236,78 @@ The other options should be self-descriptive."
                                public-key-authentication?)
                               (initialize? initialize?))))
 
+;;;
+;;; Dropbear ssh server
+;;;
+
+(define-record-type* <dropbear-configuration>
+  dropbear-configuration make-dropbear-configuration
+  dropbear-configuration?
+  (dropbear dropbear-configuration-dropbear
+            (default dropbear))
+  (port-number dropbear-configuration-port-number)
+  (syslog-output? dropbear-configuration-syslog-output?)
+  (pid-file dropbear-configuration-pid-file)
+  (root-login? dropbear-configuration-root-login?)
+  (allow-empty-passwords? dropbear-configuration-allow-empty-passwords?)
+  (password-authentication? dropbear-configuration-password-authentication?))
+
+(define (dropbear-activation config)
+  "Return the activation gexp for CONFIG."
+  #~(begin
+      (mkdir-p "/etc/dropbear")))
+
+(define (dropbear-shepherd-service config)
+  "Return a <shepherd-service> for dropbear with CONFIG."
+  (define dropbear (dropbear-configuration-dropbear config))
+
+  (define dropbear-command
+    (append
+      (list
+        #~(string-append #$dropbear "/sbin/dropbear") "-F" "-R"
+        "-p" (number->string (dropbear-configuration-port-number config))
+        "-P" (dropbear-configuration-pid-file config))
+      (if (dropbear-configuration-syslog-output? config) '() '("-E"))
+      (if (dropbear-configuration-root-login? config) '() '("-w"))
+      (if (dropbear-configuration-password-authentication? config) '() '("-s" "-g"))
+      (if (dropbear-configuration-allow-empty-passwords? config) '("-B") '())))
+
+  (define requires
+    (if (dropbear-configuration-syslog-output? config)
+        '(networking syslogd) '(networking)))
+
+  (list (shepherd-service
+    (documentation "Dropbear ssh server")
+    (requirement requires)
+    (provision '(ssh-daemon))
+    (start #~(make-forkexec-constructor #$@dropbear-command))
+    (stop #~(make-kill-destructor)))))
+
+(define dropbear-service-type
+  (service-type (name 'dropbear)
+    (extensions
+      (list (service-extension shepherd-root-service-type
+                               dropbear-shepherd-service)
+            (service-extension activation-service-type
+                               dropbear-activation)))))
+
+(define* (dropbear-service #:key
+  (dropbear dropbear)
+  (port-number 22)
+  (allow-empty-passwords? #f)
+  (root-login? #f)
+  (syslog-output? #t)
+  (pid-file "/var/run/dropbear.pid")
+  (password-authentication? #t))
+  "Run the @command{dropbear} daemon from @var{dropbear} to start a ssh server."
+  (service dropbear-service-type
+    (dropbear-configuration
+      (dropbear dropbear)
+      (port-number port-number)
+      (allow-empty-passwords? allow-empty-passwords?)
+      (root-login? root-login?)
+      (syslog-output? syslog-output?)
+      (pid-file pid-file)
+      (password-authentication? password-authentication?))))
+
 ;;; ssh.scm ends here
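Review bot: The `-R` flag on the dropbear command line means host keys are generated in /etc/dropbear on the first incoming connection, yet neither the `dropbear-service` docstring nor the new Texinfo entry mentions this, and both omit the `#:pid-file` and `#:dropbear` keywords the procedure actually accepts. I would extend the docstring to something like `"Run the @command{dropbear} daemon from @var{dropbear} to start an SSH server on @var{port-number}.  Host keys are created automatically in @file{/etc/dropbear} on first use (dropbear's @code{-R}); @var{pid-file} is where the daemon records its PID."`. The activation's `(mkdir-p "/etc/dropbear")` leaves the directory at the default umask, so unless dropbear itself creates the key files with a restrictive mode — which I cannot confirm from this hunk — a `(chmod "/etc/dropbear" #o700)` right after it would be worth adding. Finally, `-p` is passed a bare port number, so the daemon listens on every address; unlike `lsh-service`'s `#:interfaces` there is no way to bind to a specific one, and the documentation should at least state that.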
-- 
2.9.0
