From mboxrd@z Thu Jan 1 00:00:00 1970
From: Janneke Nieuwenhuizen
To: 61483@debbugs.gnu.org
Cc: Janneke Nieuwenhuizen
Subject: [bug#61483] [PATCH v3 1/3] gnu: home: services: Add home-ssh-agent-service-type.
Date: Sun, 5 Mar 2023 19:13:03 +0100
Message-Id: <20230305181305.30992-1-janneke@gnu.org>
In-Reply-To: <20230213164642.24419-1-janneke@gnu.org>
References: <20230213164642.24419-1-janneke@gnu.org>
X-Mailer: git-send-email 2.39.1
Resent-To: guix-patches@gnu.org
Resent-Date: Sun, 05 Mar 2023 18:14:01 +0000

* gnu/home/services/ssh.scm: (): New type.
(home-ssh-agent-services): New procedure.
(home-ssh-agent-service-type): New variable.
* doc/guix.texi (Secure Shell): Document it.
---
 doc/guix.texi             | 56 ++++++++++++++++++++++++++++++++++++++-
 gnu/home/services/ssh.scm | 54 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 108 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 74658dbc86..9cf1451814 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -36,7 +36,7 @@ Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* Copyright @copyright{} 2016, 2017 Nikita Gillmann@* -Copyright @copyright{} 2016, 2017, 2018, 2019, 2020 Jan Nieuwenhuizen@* +Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2023 Jan Nieuwenhuizen@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021 Julien Lepiller@* Copyright @copyright{} 2016 Alex ter Weele@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021 Christopher Baines@*
@@ -42447,6 +42447,60 @@ Extra content appended as-is to this @code{Host} block in @c %end of fragment +@cindex ssh-agent +The @uref{https://www.openssh.com, OpenSSH package} includes a daemon, +the @command{ssh-agent} command, that manages keys to connect to remote +machines using the @acronym{SSH, secure shell} protocol. With the +@code{(gnu home services ssh-agent)} service, you can configure the +OpenSSH ssh-agent to run upon login. + +When using the @code{home-ssh-agent-service-type}, you need to add your +@file{~/.bash_profile}: + +@example +SSH_AUTH_SOCK=$@{XDG_RUNTIME_DIR-$HOME/.cache@}/ssh-agent/socket +export SSH_AUTH_SOCK +@end example + +Of course, you can do that using the @code{home-bash-service-type}, by +adding something like: + +@lisp +(environment-variables + '(("SSH_AUTH_SOCK" + . "$@{SSH_AUTH_SOCK-$@{XDG_RUNTIME_DIR-$HOME/.cache@}/ssh-agent/socket@}"))) +@end lisp + +Here is an example of a service and its configuration that you could add +to the @code{services} field of your @code{home-environment}: + +@lisp +(service home-ssh-agent-service-type + (home-ssh-agent-configuration + (extra-options '("-t" "1h30m")))) +@end lisp + +@defvr {Scheme Variable} home-ssh-agent-service-type +This is the type of the @code{git daemon} home service, whose value is an +@code{home-ssh-agent-configuration} object. +@end defvr + +@deftp {Data Type} home-ssh-agent-configuration +Available @code{home-ssh-agent-configuration} fields are: + +@table @asis +@item @code{git} (default: @code{git}) (type: file-like) +The git package to use. + +@item @code{socket-directory} (default: @code{@env{XDG_RUNTIME_DIR}/ssh-agent"}) (type: string) +The directory to write the ssh-agent's @file{socket} file. + +@item @code{extra-options} (default: @code{'()}) +Extra options will be passed to @command{ssh-agent}, please run +@command{man ssh-agent} for more information. + +@end table +@end deftp @node Desktop Home Services @subsection Desktop Home Services 
diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm index d15f5ee912..205650d489 100644 --- a/gnu/home/services/ssh.scm +++ b/gnu/home/services/ssh.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2022 Ludovic Courtès +;;; Copyright © 2023 Janneke Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. ;;; @@ -25,9 +26,12 @@ (define-module (gnu home services ssh) #:use-module (gnu services configuration) #:use-module (guix modules) #:use-module (gnu home services) + #:use-module (gnu home services shepherd) #:use-module ((gnu home services utils) #:select (object->camel-case-string)) #:autoload (gnu packages base) (glibc-utf8-locales) + #:use-module (gnu packages ssh) + #:use-module (shepherd support) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) @@ -36,6 +40,7 @@ (define-module (gnu home services ssh) home-openssh-configuration-authorized-keys home-openssh-configuration-known-hosts home-openssh-configuration-hosts + home-ssh-agent-configuration openssh-host openssh-host-host-name @@ -52,7 +57,8 @@ (define-module (gnu home services ssh) openssh-host-accepted-key-types openssh-host-extra-content - home-openssh-service-type)) + home-openssh-service-type + home-ssh-agent-service-type)) (define (serialize-field-name name) (match name 
@@ -254,3 +260,49 @@ (define home-openssh-service-type by providing a @file{~/.ssh/config} file, which is honored by the OpenSSH client,@command{ssh}, and by other tools such as @command{guix deploy}.") (default-value (home-openssh-configuration)))) + + +;;; +;;; Ssh-agent. +;;; +(define-record-type* + home-ssh-agent-configuration make-home-ssh-agent-configuration + home-ssh-agent-configuration? + (openssh home-ssh-agent-openssh ;file-like + (default openssh)) + (socket-directory home-ssh-agent-socket-directory ;string + (default (string-append %user-runtime-dir "/ssh-agent"))) + (extra-options home-ssh-agent-extra-options ;list of string + (default '()))) + +(define (home-ssh-agent-services config) + "Return a for an ssh-agent with CONFIG." + (match config + (($ + openssh socket-directory extra-options) + (let* ((ssh-agent (file-append openssh "/bin/ssh-agent")) + (socket-file (string-append socket-directory "/socket")) + (command `(,ssh-agent + "-D" + "-a" ,socket-file + ,@extra-options)) + (log-file (string-append %user-log-dir "/ssh-agent.log"))) + (list (shepherd-service + (documentation "Run the ssh-agent.") + (provision '(ssh-agent)) + (start #~(lambda _ + (unless (file-exists? #$socket-directory) + (mkdir-p #$socket-directory) + (chmod #$socket-directory #o700)) + (fork+exec-command '#$command #:log-file #$log-file))) + (stop #~(make-kill-destructor)))))))) + +(define home-ssh-agent-service-type + (service-type + (name 'home-ssh-agent) + (default-value (home-ssh-agent-configuration)) + (extensions + (list (service-extension home-shepherd-service-type + home-ssh-agent-services))) + (description + "Install and configure @command{ssh-agent} as a Shepherd service."))) -- 2.39.1
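Review bot: The manual text in the doc/guix.texi @@ -42447,6 hunk disagrees with the code in gnu/home/services/ssh.scm and needs to be reconciled before merging. The prose names the module `@code{(gnu home services ssh-agent)}` although the service lives in `(gnu home services ssh)`; the `@defvr` entry calls it "the type of the @code{git daemon} home service"; and the field table documents `@item @code{git} (default: @code{git}) (type: file-like)` / "The git package to use." while the record defines an `openssh` field defaulting to `openssh`. The `socket-directory` default carries a stray closing quote (`@env{XDG_RUNTIME_DIR}/ssh-agent"`) and is described in terms of `XDG_RUNTIME_DIR` while the code uses `%user-runtime-dir`, and "you need to add your @file{~/.bash_profile}" is missing "to". Both the shell and the `home-bash-service-type` snippets hardcode `.../ssh-agent/socket` under `$XDG_RUNTIME_DIR` with a `$HOME/.cache` fallback, so a user who changes `socket-directory` ends up with `SSH_AUTH_SOCK` pointing at a socket that does not exist, and the fallback only works if it matches what `%user-runtime-dir` falls back to when `XDG_RUNTIME_DIR` is unset; a sentence stating that `SSH_AUTH_SOCK` must equal `<socket-directory>/socket` would prevent a silently unreachable agent.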
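Review bot: The @@ -52,7 hunk (together with @@ -36,6) exports only `home-ssh-agent-configuration` and `home-ssh-agent-service-type`; the predicate `home-ssh-agent-configuration?` and the accessors `home-ssh-agent-openssh`, `home-ssh-agent-socket-directory` and `home-ssh-agent-extra-options` defined in the @@ -254,3 hunk stay private, whereas the `openssh-host-*` accessors listed just above are all exported. Exporting them as well keeps the two services consistent and lets other home services read the configured socket directory instead of duplicating the path.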
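Review bot: In the @@ -254,3 hunk the `start` gexp only runs `(chmod #$socket-directory #o700)` inside `(unless (file-exists? #$socket-directory) ...)`, so a directory that already exists with wider permissions (left over from a manual setup or created by something else under the runtime directory) is reused as is. Because anyone who can connect to the agent socket can sign with every loaded key, the mode should be enforced on every start (call `mkdir-p` and `chmod` unconditionally) or the service should refuse to start when the directory is not owned by the user with mode 0700. Two smaller points: the `socket-directory` default `(string-append %user-runtime-dir "/ssh-agent")` is evaluated when the configuration record is instantiated, that is, in the Guile process that builds the home environment, so the path is baked into the service rather than computed at login; and `fork+exec-command` is given `#:log-file` under `%user-log-dir` without ensuring that directory exists, which is worth a `mkdir-p` next to the one for the socket directory.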