Added option for specifying the path to the private key file sshd should use.

svn path=/nixos/trunk/; revision=34039
2012-05-09 22:13:53 +00:00 · 2012-05-09 22:13:53 +00:00 · 35f9502a27
commit 35f9502a27
parent 658ea20e7f
1 changed files with 18 additions and 4 deletions
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@ -218,7 +218,21 @@ in

      hostKeyType = mkOption {
        default = "dsa1024";
-        description = "Type of host key to generate (dsa1024/rsa1024/ecdsa521)";
+        description = ''
+          Type of host key to generate (dsa1024/rsa1024/ecdsa521), if
+          the file specified by <literal>hostKeyPath</literal> does not
+          exist when the service starts.
+        '';
+      };
+
+      hostKeyPath = mkOption {
+        default = "/etc/ssh/ssh_host_${hktn}_key";
+        description = ''
+          Path to the server's private key. If there is no key file
+          on this path, it will be generated when the service is
+          started for the first time. Otherwise, the ssh daemon will
+          use the specified key directly in-place.
+        '';
      };

      extraConfig = mkOption {
@ -311,8 +325,8 @@ in

            mkdir -m 0755 -p /etc/ssh

-            if ! test -f /etc/ssh/ssh_host_${hktn}_key; then
-                ssh-keygen -t ${hktn} -b ${toString hktb} -f /etc/ssh/ssh_host_${hktn}_key -N ""
+            if ! test -f ${cfg.hostKeyPath}; then
+                ssh-keygen -t ${hktn} -b ${toString hktb} -f ${cfg.hostKeyPath} -N ""
            fi
          '';

@ -320,7 +334,7 @@ in

        exec =
          ''
-            ${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_${hktn}_key \
+            ${pkgs.openssh}/sbin/sshd -h ${cfg.hostKeyPath} \
              -f ${pkgs.writeText "sshd_config" cfg.extraConfig}
          '';
      };