nixos/ssh: add variant to not set ForwardX11

ssh_config only honours the first value set for an option, so when more
complex conditions are wanted, having ForwardX11 already defined
unconditionally can be a problem.
This commit is contained in:
Sandro Jäckel 2023-09-03 17:13:11 +02:00
parent 7eff362ca4
commit 88946fe4d8
No known key found for this signature in database
GPG Key ID: 3AF5A43A3EECC2E5


@ -50,10 +50,11 @@ in
};
forwardX11 = mkOption {
type = types.bool;
type = with lib.types; nullOr bool;
default = false;
description = lib.mdDoc ''
Whether to request X11 forwarding on outgoing connections by default.
If set to null, the option is not set at all.
This is useful for running graphical programs on the remote machine and have them display to your local X11 server.
Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two.
Note: there are some security risks to forwarding an X11 connection.
@ -279,10 +280,10 @@ in
config = {
programs.ssh.setXAuthLocation =
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.settings.X11Forwarding);
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 == true || config.services.openssh.settings.X11Forwarding);
assertions =
[ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
[ { assertion = cfg.forwardX11 == true -> cfg.setXAuthLocation;
message = "cannot enable X11 forwarding without setting XAuth location";
}
] ++ flip mapAttrsToList cfg.knownHosts (name: data: {
@ -303,11 +304,8 @@ in
AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
GlobalKnownHostsFile ${concatStringsSep " " knownHostsFiles}
${optionalString cfg.setXAuthLocation ''
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
''}
ForwardX11 ${if cfg.forwardX11 then "yes" else "no"}
${optionalString cfg.setXAuthLocation "XAuthLocation ${pkgs.xorg.xauth}/bin/xauth"}
${lib.optionalString (cfg.forwardX11 != null) "ForwardX11 ${if cfg.forwardX11 then "yes" else "no"}"}
${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"}
${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"}
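Review bot: The new sentence `If set to null, the option is not set at all.` in the forwardX11 description should say what the unset state means for the client, because null is not a third "off" value: the generated ssh_config then carries no ForwardX11 line, so the effective setting is OpenSSH's built-in default (no) unless some other source that ssh reads first supplies one — presumably a Match block in extraConfig or the user's own config, which is the use case the commit message describes. Suggested wording: `If set to null, ForwardX11 is not written to the generated ssh_config at all; the effective value is then OpenSSH's built-in default (no) unless it is set elsewhere, e.g. via conditional Match blocks.` A point of style in the last hunk: the added generator line uses `lib.optionalString` while the neighbouring lines use the bare `optionalString` the file already has in scope, and the option type switched to `with lib.types; nullOr bool` next to existing `types.bool`; picking one form keeps the file consistent. The mkOption declaration in the first hunk and the ssh_config string in the last hunk both start outside their hunks.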