Add openssh service
This commit is contained in:
parent
77dd3a2b96
commit
940e0de695
@ -100,6 +100,11 @@ in
|
|||
inherit (pkgs) influxdb;
|
||||
};
|
||||
|
||||
sshd = import ./sshd.nix {
|
||||
inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange;
|
||||
inherit (pkgs) writeTextFile openssh;
|
||||
};
|
||||
|
||||
docker = import ./docker.nix {
|
||||
inherit createManagedProcess;
|
||||
inherit (pkgs) docker kmod;
|
||||
|
|
|
@ -56,4 +56,9 @@ rec {
|
|||
max = 8096;
|
||||
step = 3;
|
||||
};
|
||||
|
||||
sshPorts = {
|
||||
min = 1222;
|
||||
max = 1422;
|
||||
};
|
||||
}
|
||||
|
|
|
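--- /dev/null
+++ b/<ids-file-path>
@@ -0,0 +1,71 @@
+{
+"ids" = {
+"gids" = {
+"apache" = 2000;
+"influxdb" = 2001;
+"mongodb" = 2002;
+"mysql" = 2003;
+"postgresql" = 2004;
+"sshd" = 2005;
+"tomcat" = 2006;
+};
+"httpPorts" = {
+"apache" = 8080;
+"tomcat" = 8081;
+};
+"httpsPorts" = {
+"tomcat" = 8443;
+};
+"inetHTTPPorts" = {
+"supervisord" = 9001;
+};
+"influxdbPorts" = {
+"influxdb" = 8086;
+};
+"mongodbPorts" = {
+"mongodb" = 27017;
+};
+"mysqlPorts" = {
+"mysql" = 3306;
+};
+"postgresqlPorts" = {
+"postgresql" = 5432;
+};
+"sshPorts" = {
+"sshd" = 1222;
+};
+"svnPorts" = {
+"svnserve" = 3690;
+};
+"tomcatAJPPorts" = {
+"tomcat" = 8009;
+};
+"tomcatServerPorts" = {
+"tomcat" = 8005;
+};
+"uids" = {
+"apache" = 2000;
+"influxdb" = 2001;
+"mongodb" = 2002;
+"mysql" = 2003;
+"postgresql" = 2004;
+"sshd" = 2005;
+"tomcat" = 2006;
+};
+};
+"lastAssignments" = {
+"gids" = 2006;
+"httpPorts" = 8081;
+"httpsPorts" = 8443;
+"inetHTTPPorts" = 9001;
+"influxdbPorts" = 8086;
+"mongodbPorts" = 27017;
+"mysqlPorts" = 3306;
+"postgresqlPorts" = 5432;
+"sshPorts" = 1222;
+"svnPorts" = 3690;
+"tomcatAJPPorts" = 8009;
+"tomcatServerPorts" = 8005;
+"uids" = 2006;
+};
+}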
@ -104,6 +104,16 @@ rec {
|
|||
requiresUniqueIdsFor = [ "influxdbPorts" "uids" "gids" ];
|
||||
};
|
||||
|
||||
sshd = rec {
|
||||
port = ids.sshPorts.sshd or 0;
|
||||
|
||||
pkg = constructors.sshd {
|
||||
inherit port;
|
||||
};
|
||||
|
||||
requiresUniqueIdsFor = [ "sshPorts" "uids" "gids" ];
|
||||
};
|
||||
|
||||
docker = {
|
||||
pkg = constructors.docker;
|
||||
};
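Review bot: `port = ids.sshPorts.sshd or 0;` turns a missing id assignment into `-p 0` on the sshd command line (see `args` in sshd.nix) instead of an evaluation-time error, so a misgenerated ids file is only noticed when the service fails to bind or, depending on how sshd treats port 0, binds somewhere unintended. The enclosing `rec { ... }` starts outside the hunk, so if the sibling services follow the same `or 0` convention this is a consistency choice, but an explicit failure is safer: `port = ids.sshPorts.sshd or (throw "no sshPorts id assigned for sshd");`. The `requiresUniqueIdsFor` list correctly names `"sshPorts"`, so the id generator should normally fill this in before evaluation reaches the fallback.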
|
||||
|
|
|
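--- /dev/null
+++ b/sshd.nix
@@ -0,0 +1,69 @@
+{createManagedProcess, writeTextFile, openssh, stateDir, runtimeDir, tmpDir, forceDisableUserChange}:
+{instanceSuffix ? "", instanceName ? "sshd${instanceSuffix}", port ? 22, extraSSHDConfig ? ""}:
+
+let
+sshdStateDir = "${stateDir}/lib/${instanceName}";
+
+sshdConfig = writeTextFile {
+name = "sshd_config";
+text = ''
+HostKey ${sshdStateDir}/ssh_host_rsa_key
+HostKey ${sshdStateDir}/ssh_host_ecdsa_key
+HostKey ${sshdStateDir}/ssh_host_ed25519_key
+
+PidFile ${if forceDisableUserChange then tmpDir else runtimeDir}/${instanceName}.pid
+${extraSSHDConfig}
+'';
+};
+
+group = instanceName;
+user = instanceName;
+in
+createManagedProcess {
+name = instanceName;
+inherit instanceName;
+
+initialize = ''
+mkdir -p ${sshdStateDir}
+mkdir -p /var/empty
+
+if [ ! -f ${sshdStateDir}/ssh_host_rsa_key ]
+then
+ssh-keygen -t rsa -f ${sshdStateDir}/ssh_host_rsa_key -N ""
+fi
+
+if [ ! -f ${sshdStateDir}/ssh_host_ecdsa_key ]
+then
+ssh-keygen -t ecdsa -f ${sshdStateDir}/ssh_host_ecdsa_key -N ""
+fi
+
+if [ ! -f ${sshdStateDir}/ssh_host_ed25519_key ]
+then
+ssh-keygen -t ed25519 -f ${sshdStateDir}/ssh_host_ed25519_key -N ""
+fi
+'';
+
+process = "${openssh}/bin/sshd";
+args = [ "-p" port "-f" sshdConfig ];
+foregroundProcessExtraArgs = [ "-D" ];
+path = [ openssh ];
+
+credentials = {
+groups = {
+"${group}" = {};
+};
+users = {
+"${user}" = {
+inherit group;
+homeDir = "/var/empty";
+description = "SSH privilege separation user";
+};
+};
+};
+
+overrides = {
+sysvinit = {
+runlevels = [ 3 4 5 ];
+};
+};
+}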
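Review bot: `mkdir -p /var/empty` in `initialize` creates the privilege-separation chroot directory with whatever umask the initializer runs under, and hardcodes it outside `${stateDir}` even though every other path in this file is derived from `stateDir`/`runtimeDir`/`tmpDir`; sshd refuses to start if that directory is group- or world-writable, and under `forceDisableUserChange` the unprivileged initializer may not be able to create it at all. Creating it with an explicit mode, `mkdir -p -m 0755 /var/empty`, makes the permission requirement independent of the caller's umask, and the `homeDir = "/var/empty"` entry should reference the same path variable rather than a second literal. The generated `sshd_config` sets only `HostKey` and `PidFile`, so authentication and listen policy come entirely from OpenSSH's compiled-in defaults unless `extraSSHDConfig` overrides them; a header comment should state that, e.g. `# Only HostKey and PidFile are set here; authentication and ListenAddress policy follow OpenSSH defaults unless supplied via extraSSHDConfig.` With `forceDisableUserChange` the `PidFile` lands in `${tmpDir}` under a predictable name — if `tmpDir` is shared with other users this is worth a comment, since sshd presumably treats the file as its own.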