pyrox.dev
ssh service: add sftpFlags option
+11
-2
nixos/modules/services/networking/ssh/sshd.nix
+11
-2
nixos/modules/services/networking/ssh/sshd.nix
···
103
103
'';
104
104
};
105
105
106
+
sftpFlags = mkOption {
107
+
type = with types; listOf str;
108
+
default = [];
109
+
example = [ "-f AUTHPRIV" "-l INFO" ];
110
+
description = ''
111
+
Commandline flags to add to sftp-server.
112
+
'';
113
+
};
114
+
106
115
permitRootLogin = mkOption {
107
116
default = "prohibit-password";
108
117
type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"];
···
208
217
};
209
218
210
219
moduliFile = mkOption {
211
-
example = "services.openssh.moduliFile = /etc/my-local-ssh-moduli;";
220
+
example = "/etc/my-local-ssh-moduli;";
212
221
type = types.path;
213
222
description = ''
214
223
Path to <literal>moduli</literal> file to install in
···
338
347
''}
339
348
340
349
${optionalString cfg.allowSFTP ''
341
-
Subsystem sftp ${cfgc.package}/libexec/sftp-server
350
+
Subsystem sftp ${cfgc.package}/libexec/sftp-server ${concatStringsSep " " cfg.sftpFlags}
342
351
''}
343
352
344
353
PermitRootLogin ${cfg.permitRootLogin}