2022-06-11 12:39:02 -04:00
|
|
|
|
;;; GNU Guix --- Functional package management for GNU
|
|
|
|
|
|
;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org>
|
2023-03-05 11:17:04 -05:00
|
|
|
|
;;; Copyright © 2023 Janneke Nieuwenhuizen <janneke@gnu.org>
|
2023-06-05 08:34:45 -04:00
|
|
|
|
;;; Copyright © 2023 Nicolas Graves <ngraves@ngraves.fr>
|
2023-05-29 10:30:58 -04:00
|
|
|
|
;;; Copyright © 2023 Efraim Flashner <efraim@flashner.co.il>
|
2022-06-11 12:39:02 -04:00
|
|
|
|
;;;
|
|
|
|
|
|
;;; This file is part of GNU Guix.
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
|
|
|
|
|
;;; under the terms of the GNU General Public License as published by
|
|
|
|
|
|
;;; the Free Software Foundation; either version 3 of the License, or (at
|
|
|
|
|
|
;;; your option) any later version.
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; GNU Guix is distributed in the hope that it will be useful, but
|
|
|
|
|
|
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
|
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
|
;;; GNU General Public License for more details.
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; You should have received a copy of the GNU General Public License
|
|
|
|
|
|
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
|
|
(define-module (gnu home services ssh)
|
|
|
|
|
|
#:use-module (guix gexp)
|
|
|
|
|
|
#:use-module (guix records)
|
2023-04-20 07:30:24 -04:00
|
|
|
|
#:use-module (guix deprecation)
|
2022-06-11 12:39:02 -04:00
|
|
|
|
#:use-module (guix diagnostics)
|
|
|
|
|
|
#:use-module (guix i18n)
|
2023-10-22 04:23:19 -04:00
|
|
|
|
#:use-module ((guix utils) #:select (%current-system))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
#:use-module (gnu services)
|
|
|
|
|
|
#:use-module (gnu services configuration)
|
|
|
|
|
|
#:use-module (guix modules)
|
|
|
|
|
|
#:use-module (gnu home services)
|
2023-03-05 11:17:04 -05:00
|
|
|
|
#:use-module (gnu home services shepherd)
|
2022-06-11 12:39:02 -04:00
|
|
|
|
#:use-module ((gnu home services utils)
|
|
|
|
|
|
#:select (object->camel-case-string))
|
2023-10-22 04:23:19 -04:00
|
|
|
|
#:autoload (gnu packages base) (libc-utf8-locales-for-target)
|
2023-03-05 11:17:04 -05:00
|
|
|
|
#:use-module (gnu packages ssh)
|
2022-06-11 12:39:02 -04:00
|
|
|
|
#:use-module (srfi srfi-1)
|
2023-04-20 07:30:24 -04:00
|
|
|
|
#:use-module (srfi srfi-9)
|
|
|
|
|
|
#:use-module (srfi srfi-9 gnu)
|
2022-06-11 12:39:02 -04:00
|
|
|
|
#:use-module (srfi srfi-34)
|
|
|
|
|
|
#:use-module (srfi srfi-35)
|
|
|
|
|
|
#:use-module (ice-9 match)
|
2023-06-05 08:34:45 -04:00
|
|
|
|
#:autoload (ice-9 regex) (string-match match:substring)
|
2022-06-11 12:39:02 -04:00
|
|
|
|
#:export (home-openssh-configuration
|
|
|
|
|
|
home-openssh-configuration-authorized-keys
|
|
|
|
|
|
home-openssh-configuration-known-hosts
|
|
|
|
|
|
home-openssh-configuration-hosts
|
2023-06-05 08:34:45 -04:00
|
|
|
|
home-openssh-configuration-add-keys-to-agent
|
2023-06-05 08:34:47 -04:00
|
|
|
|
home-openssh-configuration?
|
2023-06-05 08:34:48 -04:00
|
|
|
|
|
2023-03-05 11:17:04 -05:00
|
|
|
|
home-ssh-agent-configuration
|
2023-06-05 08:34:48 -04:00
|
|
|
|
home-ssh-agent-openssh
|
|
|
|
|
|
home-ssh-agent-socket-directory
|
|
|
|
|
|
home-ssh-agent-extra-options
|
2023-06-05 08:34:47 -04:00
|
|
|
|
home-ssh-agent-configuration?
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
|
|
|
|
|
openssh-host
|
|
|
|
|
|
openssh-host-host-name
|
2023-06-05 08:34:46 -04:00
|
|
|
|
openssh-host-match-criteria
|
2022-06-11 12:39:02 -04:00
|
|
|
|
openssh-host-identity-file
|
|
|
|
|
|
openssh-host-name
|
|
|
|
|
|
openssh-host-port
|
|
|
|
|
|
openssh-host-user
|
|
|
|
|
|
openssh-host-forward-x11?
|
|
|
|
|
|
openssh-host-forward-x11-trusted?
|
|
|
|
|
|
openssh-host-forward-agent?
|
|
|
|
|
|
openssh-host-compression?
|
|
|
|
|
|
openssh-host-proxy-command
|
|
|
|
|
|
openssh-host-host-key-algorithms
|
|
|
|
|
|
openssh-host-accepted-key-types
|
|
|
|
|
|
openssh-host-extra-content
|
2023-04-20 07:30:24 -04:00
|
|
|
|
proxy-jump
|
|
|
|
|
|
proxy-jump-host-name
|
|
|
|
|
|
proxy-jump-port
|
|
|
|
|
|
proxy-jump-user
|
|
|
|
|
|
proxy-command
|
|
|
|
|
|
proxy-command->string
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
2023-03-05 11:17:04 -05:00
|
|
|
|
home-openssh-service-type
|
|
|
|
|
|
home-ssh-agent-service-type))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
|
|
|
|
|
(define (serialize-field-name name)
|
|
|
|
|
|
(match name
|
|
|
|
|
|
('accepted-key-types "PubkeyAcceptedKeyTypes")
|
|
|
|
|
|
(_
|
|
|
|
|
|
(let ((name (let ((str (symbol->string name)))
|
|
|
|
|
|
(if (string-suffix? "?" str)
|
|
|
|
|
|
(string->symbol (string-drop-right str 1))
|
|
|
|
|
|
name))))
|
|
|
|
|
|
(object->camel-case-string name 'upper)))))
|
|
|
|
|
|
|
|
|
|
|
|
(define (serialize-string field value)
|
|
|
|
|
|
(string-append " " (serialize-field-name field)
|
|
|
|
|
|
" " value "\n"))
|
|
|
|
|
|
|
|
|
|
|
|
(define (address-family? obj)
|
2022-08-24 08:40:41 -04:00
|
|
|
|
(memv obj (list AF_INET AF_INET6)))
|
|
|
|
|
|
|
|
|
|
|
|
(define-maybe address-family)
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
|
|
|
|
|
(define (serialize-address-family field family)
|
2022-08-24 08:40:41 -04:00
|
|
|
|
(if (maybe-value-set? family)
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(string-append " " (serialize-field-name field) " "
|
|
|
|
|
|
(cond ((= family AF_INET) "inet")
|
|
|
|
|
|
((= family AF_INET6) "inet6")
|
|
|
|
|
|
;; The 'else' branch is unreachable.
|
2023-06-05 08:34:46 -04:00
|
|
|
|
(else
|
|
|
|
|
|
(raise
|
|
|
|
|
|
(formatted-message
|
|
|
|
|
|
(G_ "~s: invalid address family value")
|
|
|
|
|
|
family))))
|
2022-08-24 08:40:41 -04:00
|
|
|
|
"\n")
|
|
|
|
|
|
""))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
|
|
|
|
|
(define (natural-number? obj)
|
|
|
|
|
|
(and (integer? obj) (exact? obj) (> obj 0)))
|
|
|
|
|
|
|
|
|
|
|
|
(define (serialize-natural-number field value)
|
|
|
|
|
|
(string-append " " (serialize-field-name field) " "
|
|
|
|
|
|
(number->string value) "\n"))
|
|
|
|
|
|
|
2023-05-29 10:30:58 -04:00
|
|
|
|
(define-maybe boolean)
|
|
|
|
|
|
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(define (serialize-boolean field value)
|
|
|
|
|
|
(string-append " " (serialize-field-name field) " "
|
|
|
|
|
|
(if value "yes" "no") "\n"))
|
|
|
|
|
|
|
|
|
|
|
|
(define-maybe string)
|
|
|
|
|
|
(define-maybe natural-number)
|
|
|
|
|
|
|
|
|
|
|
|
(define (serialize-raw-configuration-string field value)
|
|
|
|
|
|
(string-append value "\n"))
|
|
|
|
|
|
(define raw-configuration-string? string?)
|
|
|
|
|
|
|
|
|
|
|
|
(define (string-list? lst)
|
|
|
|
|
|
(and (pair? lst) (every string? lst)))
|
|
|
|
|
|
(define (serialize-string-list field lst)
|
|
|
|
|
|
(string-append " " (serialize-field-name field) " "
|
|
|
|
|
|
(string-join lst ",") "\n"))
|
|
|
|
|
|
|
|
|
|
|
|
(define-maybe string-list)
|
|
|
|
|
|
|
2023-04-20 07:30:24 -04:00
|
|
|
|
(define-record-type <proxy-command>
|
|
|
|
|
|
(proxy-command command)
|
|
|
|
|
|
proxy-command?
|
|
|
|
|
|
(command proxy-command->string))
|
|
|
|
|
|
|
|
|
|
|
|
(set-record-type-printer! <proxy-command>
|
|
|
|
|
|
(lambda (obj port)
|
|
|
|
|
|
(format port "#<proxy-command ~s>" (proxy-command->string obj))))
|
|
|
|
|
|
|
|
|
|
|
|
(define-configuration/no-serialization proxy-jump
|
|
|
|
|
|
(user
|
|
|
|
|
|
maybe-string
|
|
|
|
|
|
"User name on the remote host.")
|
|
|
|
|
|
(host-name
|
|
|
|
|
|
(string)
|
|
|
|
|
|
"Host name---e.g., @code{foo.example.org} or @code{192.168.1.2}.")
|
|
|
|
|
|
(port
|
|
|
|
|
|
maybe-natural-number
|
|
|
|
|
|
"TCP port number to connect to."))
|
|
|
|
|
|
|
|
|
|
|
|
(define (proxy-jump->string proxy-jump)
|
|
|
|
|
|
(match-record proxy-jump <proxy-jump>
|
|
|
|
|
|
(host-name user port)
|
|
|
|
|
|
(string-append
|
|
|
|
|
|
(if (maybe-value-set? user) (string-append user "@") "")
|
|
|
|
|
|
host-name
|
|
|
|
|
|
(if (maybe-value-set? port) (string-append ":" (number->string port)) ""))))
|
|
|
|
|
|
|
|
|
|
|
|
(define (proxy-command-or-jump-list? x)
|
|
|
|
|
|
(or (proxy-command? x)
|
|
|
|
|
|
(and (list? x)
|
|
|
|
|
|
(every proxy-jump? x))))
|
|
|
|
|
|
|
|
|
|
|
|
(define (serialize-proxy-command-or-jump-list field value)
|
|
|
|
|
|
(if (proxy-command? value)
|
|
|
|
|
|
(serialize-string 'proxy-command (proxy-command->string value))
|
|
|
|
|
|
(serialize-string-list 'proxy-jump (map proxy-jump->string value))))
|
|
|
|
|
|
|
|
|
|
|
|
(define-maybe proxy-command-or-jump-list)
|
|
|
|
|
|
|
|
|
|
|
|
(define (sanitize-proxy-command properties)
|
|
|
|
|
|
(lambda (value)
|
|
|
|
|
|
(when (maybe-value-set? value)
|
|
|
|
|
|
(warn-about-deprecation 'proxy-command properties #:replacement 'proxy))
|
|
|
|
|
|
(unless (maybe-string? value)
|
|
|
|
|
|
(configuration-field-error (source-properties->location properties) 'proxy-command value))
|
|
|
|
|
|
value))
|
|
|
|
|
|
|
2023-06-05 08:34:46 -04:00
|
|
|
|
(define ssh-match-keywords
|
|
|
|
|
|
'(canonical final exec host originalhost user localuser))
|
|
|
|
|
|
|
|
|
|
|
|
(define (match-criteria? str)
|
|
|
|
|
|
;; Rule out the case of "all" keyword.
|
|
|
|
|
|
(if (member str '("all"
|
|
|
|
|
|
"canonical all"
|
|
|
|
|
|
"final all"))
|
|
|
|
|
|
#t
|
|
|
|
|
|
(let* ((first (string-take str (string-index str #\ )))
|
|
|
|
|
|
(keyword (string->symbol (if (string-prefix? "!" first)
|
|
|
|
|
|
(string-drop first 1)
|
|
|
|
|
|
first))))
|
|
|
|
|
|
(memq keyword ssh-match-keywords))))
|
|
|
|
|
|
|
2023-07-21 16:08:07 -04:00
|
|
|
|
(define (serialize-match-criteria _ value)
|
|
|
|
|
|
(string-append "Match " value "\n"))
|
|
|
|
|
|
|
2023-06-05 08:34:46 -04:00
|
|
|
|
(define-maybe match-criteria)
|
|
|
|
|
|
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(define-configuration openssh-host
|
|
|
|
|
|
(name
|
2023-06-05 08:34:46 -04:00
|
|
|
|
maybe-string
|
|
|
|
|
|
"Name of this host declaration. A @code{openssh-host} must define only
|
|
|
|
|
|
@code{name} or @code{match-criteria}. Use host-name @code{\"*\"} for
|
|
|
|
|
|
top-level options.")
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(host-name
|
|
|
|
|
|
maybe-string
|
|
|
|
|
|
"Host name---e.g., @code{\"foo.example.org\"} or @code{\"192.168.1.2\"}.")
|
2023-07-21 16:08:07 -04:00
|
|
|
|
(match-criteria
|
2023-06-05 08:34:46 -04:00
|
|
|
|
maybe-match-criteria
|
|
|
|
|
|
"When specified, this string denotes the set of hosts to which the entry
|
|
|
|
|
|
applies, superseding the @code{host-name} field. Its first element must be
|
|
|
|
|
|
all or one of @code{ssh-match-keywords}. The rest of the elements are
|
|
|
|
|
|
arguments for the keyword, or other criteria. A @code{openssh-host} must
|
|
|
|
|
|
define only @code{name} or @code{match-criteria}. Other host configuration
|
|
|
|
|
|
options will apply to all hosts matching @code{match-criteria}.")
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(address-family
|
2022-08-24 08:40:41 -04:00
|
|
|
|
maybe-address-family
|
2022-06-11 12:39:02 -04:00
|
|
|
|
"Address family to use when connecting to this host: one of
|
2022-08-10 09:06:08 -04:00
|
|
|
|
@code{AF_INET} (for IPv4 only), @code{AF_INET6} (for IPv6 only).
|
|
|
|
|
|
Additionally, the field can be left unset to allow any address family.")
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(identity-file
|
|
|
|
|
|
maybe-string
|
|
|
|
|
|
"The identity file to use---e.g.,
|
|
|
|
|
|
@code{\"/home/charlie/.ssh/id_ed25519\"}.")
|
|
|
|
|
|
(port
|
|
|
|
|
|
maybe-natural-number
|
|
|
|
|
|
"TCP port number to connect to.")
|
|
|
|
|
|
(user
|
|
|
|
|
|
maybe-string
|
|
|
|
|
|
"User name on the remote host.")
|
|
|
|
|
|
(forward-x11?
|
2023-05-29 10:30:58 -04:00
|
|
|
|
maybe-boolean
|
2022-06-11 12:39:02 -04:00
|
|
|
|
"Whether to forward remote client connections to the local X11 graphical
|
|
|
|
|
|
display.")
|
|
|
|
|
|
(forward-x11-trusted?
|
2023-05-29 10:30:58 -04:00
|
|
|
|
maybe-boolean
|
2022-06-11 12:39:02 -04:00
|
|
|
|
"Whether remote X11 clients have full access to the original X11 graphical
|
|
|
|
|
|
display.")
|
|
|
|
|
|
(forward-agent?
|
2023-05-29 10:30:58 -04:00
|
|
|
|
maybe-boolean
|
2022-06-11 12:39:02 -04:00
|
|
|
|
"Whether the authentication agent (if any) is forwarded to the remote
|
|
|
|
|
|
machine.")
|
|
|
|
|
|
(compression?
|
2023-05-29 10:30:58 -04:00
|
|
|
|
maybe-boolean
|
2022-06-11 12:39:02 -04:00
|
|
|
|
"Whether to compress data in transit.")
|
|
|
|
|
|
(proxy-command
|
|
|
|
|
|
maybe-string
|
|
|
|
|
|
"The command to use to connect to the server. As an example, a command
|
|
|
|
|
|
to connect via an HTTP proxy at 192.0.2.0 would be: @code{\"nc -X
|
2023-04-20 07:30:24 -04:00
|
|
|
|
connect -x 192.0.2.0:8080 %h %p\"}. Using 'proxy-command' is deprecated, use
|
|
|
|
|
|
'proxy' instead."
|
|
|
|
|
|
(sanitizer (sanitize-proxy-command (current-source-location))))
|
|
|
|
|
|
(proxy
|
|
|
|
|
|
maybe-proxy-command-or-jump-list
|
|
|
|
|
|
"The command to use to connect to the server or a list of SSH hosts to jump
|
|
|
|
|
|
through before connecting to the server.")
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(host-key-algorithms
|
|
|
|
|
|
maybe-string-list
|
|
|
|
|
|
"The list of accepted host key algorithms---e.g.,
|
|
|
|
|
|
@code{'(\"ssh-ed25519\")}.")
|
|
|
|
|
|
(accepted-key-types
|
|
|
|
|
|
maybe-string-list
|
|
|
|
|
|
"The list of accepted user public key types.")
|
|
|
|
|
|
(extra-content
|
|
|
|
|
|
(raw-configuration-string "")
|
|
|
|
|
|
"Extra content appended as-is to this @code{Host} block in
|
|
|
|
|
|
@file{~/.ssh/config}."))
|
|
|
|
|
|
|
|
|
|
|
|
(define (serialize-openssh-host config)
|
2023-06-05 08:34:46 -04:00
|
|
|
|
(define (openssh-host-name-or-match-field? field)
|
|
|
|
|
|
(or (eq? (configuration-field-name field) 'name)
|
|
|
|
|
|
(eq? (configuration-field-name field) 'match-criteria)))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
|
|
|
|
|
(string-append
|
2023-06-05 08:34:46 -04:00
|
|
|
|
(if (maybe-value-set? (openssh-host-name config))
|
|
|
|
|
|
(if (maybe-value-set? (openssh-host-match-criteria config))
|
|
|
|
|
|
(raise
|
|
|
|
|
|
(formatted-message
|
|
|
|
|
|
(G_ "define either 'name' or 'match-criteria', not both")))
|
|
|
|
|
|
(string-append "Host " (openssh-host-name config) "\n"))
|
|
|
|
|
|
(if (maybe-value-set? (openssh-host-match-criteria config))
|
2023-07-21 16:08:07 -04:00
|
|
|
|
(serialize-match-criteria #t (openssh-host-match-criteria config))
|
2023-06-05 08:34:46 -04:00
|
|
|
|
(raise
|
|
|
|
|
|
(formatted-message
|
|
|
|
|
|
(G_ "define either 'name' or 'match-criteria' once")))))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(string-concatenate
|
|
|
|
|
|
(map (lambda (field)
|
|
|
|
|
|
((configuration-field-serializer field)
|
|
|
|
|
|
(configuration-field-name field)
|
|
|
|
|
|
((configuration-field-getter field) config)))
|
2023-06-05 08:34:46 -04:00
|
|
|
|
(remove openssh-host-name-or-match-field?
|
2022-06-11 12:39:02 -04:00
|
|
|
|
openssh-host-fields)))))
|
|
|
|
|
|
|
|
|
|
|
|
(define-record-type* <home-openssh-configuration>
|
|
|
|
|
|
home-openssh-configuration make-home-openssh-configuration
|
|
|
|
|
|
home-openssh-configuration?
|
2023-06-05 08:34:45 -04:00
|
|
|
|
(authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
|
|
|
|
|
|
(default #f))
|
|
|
|
|
|
(known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like
|
|
|
|
|
|
(default *unspecified*))
|
|
|
|
|
|
(hosts home-openssh-configuration-hosts ;list of <openssh-host>
|
|
|
|
|
|
(default '()))
|
|
|
|
|
|
(add-keys-to-agent home-openssh-configuration-add-keys-to-agent ;string with limited values
|
|
|
|
|
|
(default "no")))
|
|
|
|
|
|
|
|
|
|
|
|
(define (serialize-add-keys-to-agent value)
|
|
|
|
|
|
(define (valid-time-string? str)
|
|
|
|
|
|
(and (> (string-length str) 0)
|
|
|
|
|
|
(equal?
|
|
|
|
|
|
str
|
|
|
|
|
|
(match:substring
|
|
|
|
|
|
(string-match "\
|
|
|
|
|
|
[0-9]+|([0-9]+[Ww])?([0-9]+[Dd])?([0-9]+[Hh])?([0-9]+[Mm])?([0-9]+[Ss])?"
|
|
|
|
|
|
str)))))
|
|
|
|
|
|
|
|
|
|
|
|
(string-append "AddKeysToAgent "
|
|
|
|
|
|
(cond ((member value '("yes" "no" "confirm" "ask")) value)
|
|
|
|
|
|
((valid-time-string? value) value)
|
|
|
|
|
|
((and (string-prefix? "confirm" value)
|
|
|
|
|
|
(valid-time-string?
|
|
|
|
|
|
(cdr (string-split value #\ )))) value)
|
|
|
|
|
|
;; The 'else' branch is unreachable.
|
|
|
|
|
|
(else
|
|
|
|
|
|
(raise
|
|
|
|
|
|
(formatted-message
|
|
|
|
|
|
(G_ "~s: invalid 'add-keys-to-agent' value")
|
|
|
|
|
|
value))))))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
|
|
|
|
|
(define (openssh-configuration->string config)
|
2023-06-05 08:34:45 -04:00
|
|
|
|
(string-join
|
|
|
|
|
|
(cons* (serialize-add-keys-to-agent
|
|
|
|
|
|
(home-openssh-configuration-add-keys-to-agent config))
|
|
|
|
|
|
(map serialize-openssh-host
|
|
|
|
|
|
(home-openssh-configuration-hosts config)))
|
|
|
|
|
|
"\n"))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
|
|
|
|
|
(define* (file-join name files #:optional (delimiter " "))
|
|
|
|
|
|
"Return a file in the store called @var{name} that is the concatenation
|
|
|
|
|
|
of all the file-like objects listed in @var{files}, with @var{delimited}
|
|
|
|
|
|
inserted after each of them."
|
|
|
|
|
|
(computed-file name
|
|
|
|
|
|
(with-imported-modules '((guix build utils))
|
|
|
|
|
|
#~(begin
|
|
|
|
|
|
(use-modules (guix build utils))
|
|
|
|
|
|
|
|
|
|
|
|
;; Support non-ASCII file names.
|
|
|
|
|
|
(setenv "GUIX_LOCPATH"
|
2023-10-22 04:23:19 -04:00
|
|
|
|
#+(file-append
|
|
|
|
|
|
(libc-utf8-locales-for-target (%current-system))
|
|
|
|
|
|
"/lib/locale"))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
(setlocale LC_ALL "en_US.utf8")
|
|
|
|
|
|
|
|
|
|
|
|
(call-with-output-file #$output
|
|
|
|
|
|
(lambda (output)
|
|
|
|
|
|
(for-each (lambda (file)
|
|
|
|
|
|
(call-with-input-file file
|
|
|
|
|
|
(lambda (input)
|
|
|
|
|
|
(dump-port input output)))
|
|
|
|
|
|
(display #$delimiter output))
|
|
|
|
|
|
'#$files)))))))
|
|
|
|
|
|
|
|
|
|
|
|
(define (openssh-configuration-files config)
|
2023-04-19 12:28:16 -04:00
|
|
|
|
(let* ((ssh-config (plain-file "ssh.conf"
|
|
|
|
|
|
(openssh-configuration->string config)))
|
|
|
|
|
|
(known-hosts (home-openssh-configuration-known-hosts config))
|
|
|
|
|
|
(authorized-keys (home-openssh-configuration-authorized-keys config))
|
|
|
|
|
|
(authorized-keys (and
|
|
|
|
|
|
authorized-keys
|
|
|
|
|
|
(file-join "authorized_keys" authorized-keys "\n"))))
|
|
|
|
|
|
`(,@(if authorized-keys
|
|
|
|
|
|
`((".ssh/authorized_keys" ,authorized-keys))
|
|
|
|
|
|
'())
|
2022-06-11 12:39:02 -04:00
|
|
|
|
,@(if (unspecified? known-hosts)
|
|
|
|
|
|
'()
|
|
|
|
|
|
`((".ssh/known_hosts"
|
|
|
|
|
|
,(file-join "known_hosts" known-hosts "\n"))))
|
2023-04-19 12:28:16 -04:00
|
|
|
|
(".ssh/config" ,ssh-config))))
|
2022-06-11 12:39:02 -04:00
|
|
|
|
|
|
|
|
|
|
(define openssh-activation
|
|
|
|
|
|
(with-imported-modules (source-module-closure
|
|
|
|
|
|
'((gnu build activation)))
|
|
|
|
|
|
#~(begin
|
|
|
|
|
|
(use-modules (gnu build activation))
|
|
|
|
|
|
|
|
|
|
|
|
;; Make sure ~/.ssh is #o700.
|
|
|
|
|
|
(let* ((home (getenv "HOME"))
|
|
|
|
|
|
(dot-ssh (string-append home "/.ssh")))
|
|
|
|
|
|
(mkdir-p/perms dot-ssh (getpw (getuid)) #o700)))))
|
|
|
|
|
|
|
|
|
|
|
|
(define home-openssh-service-type
|
|
|
|
|
|
(service-type
|
|
|
|
|
|
(name 'home-openssh)
|
|
|
|
|
|
(extensions
|
|
|
|
|
|
(list (service-extension home-files-service-type
|
|
|
|
|
|
openssh-configuration-files)
|
|
|
|
|
|
(service-extension home-activation-service-type
|
|
|
|
|
|
(const openssh-activation))))
|
|
|
|
|
|
(description "Configure the OpenSSH @acronym{SSH, secure shell} client
|
|
|
|
|
|
by providing a @file{~/.ssh/config} file, which is honored by the OpenSSH
|
|
|
|
|
|
client,@command{ssh}, and by other tools such as @command{guix deploy}.")
|
|
|
|
|
|
(default-value (home-openssh-configuration))))
|
2023-03-05 11:17:04 -05:00
|
|
|
|
|
|
|
|
|
|
�
|
|
|
|
|
|
;;;
|
|
|
|
|
|
;;; Ssh-agent.
|
|
|
|
|
|
;;;
|
|
|
|
|
|
(define-record-type* <home-ssh-agent-configuration>
|
|
|
|
|
|
home-ssh-agent-configuration make-home-ssh-agent-configuration
|
|
|
|
|
|
home-ssh-agent-configuration?
|
|
|
|
|
|
(openssh home-ssh-agent-openssh ;file-like
|
|
|
|
|
|
(default openssh))
|
|
|
|
|
|
(socket-directory home-ssh-agent-socket-directory ;string
|
2023-03-16 12:09:46 -04:00
|
|
|
|
(default #~(string-append %user-runtime-dir "/ssh-agent")))
|
2023-03-05 11:17:04 -05:00
|
|
|
|
(extra-options home-ssh-agent-extra-options ;list of string
|
|
|
|
|
|
(default '())))
|
|
|
|
|
|
|
|
|
|
|
|
(define (home-ssh-agent-services config)
|
|
|
|
|
|
"Return a <shepherd-service> for an ssh-agent with CONFIG."
|
2023-03-16 16:46:29 -04:00
|
|
|
|
(match-record config <home-ssh-agent-configuration>
|
|
|
|
|
|
(openssh socket-directory extra-options)
|
|
|
|
|
|
(let* ((ssh-agent (file-append openssh "/bin/ssh-agent"))
|
|
|
|
|
|
(socket-file #~(string-append #$socket-directory "/socket"))
|
|
|
|
|
|
(command #~`(#$ssh-agent
|
|
|
|
|
|
"-D" "-a" ,#$socket-file
|
|
|
|
|
|
#$@extra-options))
|
|
|
|
|
|
(log-file #~(string-append %user-log-dir "/ssh-agent.log")))
|
|
|
|
|
|
(list (shepherd-service
|
|
|
|
|
|
(documentation "Run the ssh-agent.")
|
|
|
|
|
|
(provision '(ssh-agent))
|
|
|
|
|
|
(modules '((shepherd support))) ;for '%user-runtime-dir', etc.
|
|
|
|
|
|
(start #~(lambda _
|
|
|
|
|
|
(unless (file-exists? #$socket-directory)
|
|
|
|
|
|
(mkdir-p #$socket-directory)
|
|
|
|
|
|
(chmod #$socket-directory #o700))
|
|
|
|
|
|
(fork+exec-command #$command #:log-file #$log-file)))
|
|
|
|
|
|
(stop #~(make-kill-destructor)))))))
|
2023-03-05 11:17:04 -05:00
|
|
|
|
|
2023-03-17 07:40:16 -04:00
|
|
|
|
(define (home-ssh-agent-environment-variables config)
|
|
|
|
|
|
'(("SSH_AUTH_SOCK"
|
|
|
|
|
|
. "${SSH_AUTH_SOCK-${XDG_RUNTIME_DIR-$HOME/.cache}/ssh-agent/socket}")))
|
|
|
|
|
|
|
2023-03-05 11:17:04 -05:00
|
|
|
|
(define home-ssh-agent-service-type
|
|
|
|
|
|
(service-type
|
|
|
|
|
|
(name 'home-ssh-agent)
|
|
|
|
|
|
(default-value (home-ssh-agent-configuration))
|
|
|
|
|
|
(extensions
|
|
|
|
|
|
(list (service-extension home-shepherd-service-type
|
2023-03-17 07:40:16 -04:00
|
|
|
|
home-ssh-agent-services)
|
|
|
|
|
|
(service-extension home-environment-variables-service-type
|
|
|
|
|
|
home-ssh-agent-environment-variables)))
|
2023-03-05 11:17:04 -05:00
|
|
|
|
(description
|
|
|
|
|
|
"Install and configure @command{ssh-agent} as a Shepherd service.")))
|
