gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/nix.sshServe: remove with lib;

Browse Source
This commit is contained in:
Felix Buehler
2024-08-24 22:05:50 +02:00
parent 42bdc30f19
commit b48bee9985
1 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
nixos/modules/services/misc/nix-ssh-serve.nix
View File

@@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let cfg = config.nix.sshServe; let cfg = config.nix.sshServe;
command = command =
if cfg.protocol == "ssh" if cfg.protocol == "ssh"
@@ -11,27 +9,27 @@ in {
nix.sshServe = { nix.sshServe = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = "Whether to enable serving the Nix store as a remote store via SSH."; description = "Whether to enable serving the Nix store as a remote store via SSH.";
}; };
write = mkOption { write = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the {option}`nix.settings.trusted-users` option in most use cases, such as allowing remote building of derivations."; description = "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the {option}`nix.settings.trusted-users` option in most use cases, such as allowing remote building of derivations.";
}; };
keys = mkOption { keys = lib.mkOption {
type = types.listOf types.str; type = lib.types.listOf lib.types.str;
default = []; default = [];
example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ]; example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
description = "A list of SSH public keys allowed to access the binary cache via SSH."; description = "A list of SSH public keys allowed to access the binary cache via SSH.";
}; };
protocol = mkOption { protocol = lib.mkOption {
type = types.enum [ "ssh" "ssh-ng" ]; type = lib.types.enum [ "ssh" "ssh-ng" ];
default = "ssh"; default = "ssh";
description = "The specific Nix-over-SSH protocol to use."; description = "The specific Nix-over-SSH protocol to use.";
}; };
@@ -40,7 +38,7 @@ in {
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.users.nix-ssh = { users.users.nix-ssh = {
description = "Nix SSH store user"; description = "Nix SSH store user";