pyrox.dev
ssh service: add sftpFlags option
+11
-2
nixos/modules/services/networking/ssh/sshd.nix
+11
-2
nixos/modules/services/networking/ssh/sshd.nix
···
103
'';
104
};
105
106
permitRootLogin = mkOption {
107
default = "prohibit-password";
108
type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"];
···
208
};
209
210
moduliFile = mkOption {
211
-
example = "services.openssh.moduliFile = /etc/my-local-ssh-moduli;";
212
type = types.path;
213
description = ''
214
Path to <literal>moduli</literal> file to install in
···
338
''}
339
340
${optionalString cfg.allowSFTP ''
341
-
Subsystem sftp ${cfgc.package}/libexec/sftp-server
342
''}
343
344
PermitRootLogin ${cfg.permitRootLogin}
···
103
'';
104
};
105
106
+
sftpFlags = mkOption {
107
+
type = with types; listOf str;
108
+
default = [];
109
+
example = [ "-f AUTHPRIV" "-l INFO" ];
110
+
description = ''
111
+
Commandline flags to add to sftp-server.
112
+
'';
113
+
};
114
+
115
permitRootLogin = mkOption {
116
default = "prohibit-password";
117
type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"];
···
217
};
218
219
moduliFile = mkOption {
220
+
example = "/etc/my-local-ssh-moduli;";
221
type = types.path;
222
description = ''
223
Path to <literal>moduli</literal> file to install in
···
347
''}
348
349
${optionalString cfg.allowSFTP ''
350
+
Subsystem sftp ${cfgc.package}/libexec/sftp-server ${concatStringsSep " " cfg.sftpFlags}
351
''}
352
353
PermitRootLogin ${cfg.permitRootLogin}