diff --git a/modules/config/no-x-libs.nix b/modules/config/no-x-libs.nix index f4b255eefe95..93635aa667fd 100644 --- a/modules/config/no-x-libs.nix +++ b/modules/config/no-x-libs.nix @@ -7,16 +7,14 @@ example = true; description = '' Switch off the options in the default configuration that require X libraries. - Currently this includes: openssh.forwardX11, dbus, hal, fonts.enableCoreFonts, + Currently this includes: ssh X11 forwarding, dbus, hal, fonts.enableCoreFonts, fonts.enableFontConfig ''; }; }; config = pkgs.lib.mkIf config.environment.noXlibs { + programs.ssh.setXAuthLocation = false; services = { - openssh = { - forwardX11 = false; - }; dbus.enable = false; hal.enable = false; }; diff --git a/modules/profiles/minimal.nix b/modules/profiles/minimal.nix index 38c83a03393a..821b9f93465a 100644 --- a/modules/profiles/minimal.nix +++ b/modules/profiles/minimal.nix @@ -5,7 +5,7 @@ { # Don't include X libraries. - services.openssh.forwardX11 = false; + programs.ssh.setXAuthLocation = false; fonts.enableFontConfig = false; fonts.enableCoreFonts = false; } diff --git a/modules/programs/ssh.nix b/modules/programs/ssh.nix index ce07c4f3b321..47ce581821d5 100644 --- a/modules/programs/ssh.nix +++ b/modules/programs/ssh.nix 
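Review bot: After this change `environment.noXlibs` (and the minimal profile in modules/profiles/minimal.nix, which makes the same swap) no longer sets any forwarding option itself. X11 forwarding ends up off only because `services.openssh.forwardX11` now defaults to `programs.ssh.setXAuthLocation` and `programs.ssh.forwardX11` defaults to the sshd value, as the later hunks of this commit show. That chain is invisible at this line, so I would add a comment such as `# ssh/sshd forwardX11 follow this option through their defaults`. If either forwarding option is set to true elsewhere, the assertions added in this commit are meant to reject the configuration rather than override it, which is worth saying in the `noXlibs` description.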
@@ -2,19 +2,57 @@ {config, pkgs, ...}: +with pkgs.lib; + +let cfg = config.programs.ssh; + cfgd = config.services.openssh; + +in { - environment.etc = - [ { # SSH configuration. Slight duplication of the sshd_config - # generation in the sshd service. - source = pkgs.writeText "ssh_config" '' - ${if config.services.openssh.forwardX11 then '' - ForwardX11 yes - XAuthLocation ${pkgs.xorg.xauth}/bin/xauth - '' else '' - ForwardX11 no - ''} + ###### interface + + options = { + + programs.ssh = { + + forwardX11 = mkOption { + default = cfgd.forwardX11; + description = '' + Whether to request X11 forwarding on outgoing connections by default. + This is useful for running graphical programs on the remote machine and have them display to your local X11 server. + Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two. ''; - target = "ssh/ssh_config"; - } - ]; + }; + + setXAuthLocation = mkOption { + default = true; + description = '' + Whether to set the path to xauth for X11-forwarded connections. + Pulls in X11 dependency. + ''; + }; + }; + }; + + assertions = [{ assertion = if cfg.forwardX11 then cfg.setXAuthLocation else true; + msg = "cannot enable X11 forwarding without setting xauth location";}]; + + config = { + environment.etc = + [ { # SSH configuration. Slight duplication of the sshd_config + # generation in the sshd service. + source = pkgs.writeText "ssh_config" '' + ${optionalString cfg.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + ${if cfg.forwardX11 then '' + ForwardX11 yes + '' else '' + ForwardX11 no + ''} + ''; + target = "ssh/ssh_config"; + } + ]; + }; } diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix index 0188293a08c2..715aaa3f882f 100644 --- a/modules/services/networking/ssh/sshd.nix +++ b/modules/services/networking/ssh/sshd.nix 
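Review bot: The new `assertions` list sits beside `options` and `config` at the top level of the module rather than inside `config`, so the module system may not treat it as configuration and the check that forwarding requires an xauth path could be skipped or rejected at evaluation. I would move it inside `config`, next to `environment.etc`. The condition reads more directly as `assertion = cfg.forwardX11 -> cfg.setXAuthLocation;`, and the message should name the options, e.g. `msg = "programs.ssh.forwardX11 requires programs.ssh.setXAuthLocation";`. The last two remarks also apply to the assertion added at the end of modules/services/networking/ssh/sshd.nix, where the message is identical and does not say which module raised it.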
@@ -4,7 +4,8 @@ with pkgs.lib; let - cfg = config.services.openssh; + cfg = config.services.openssh; + cfgc = config.programs.ssh; nssModulesPath = config.system.nssModules.path; @@ -140,7 +141,7 @@ in }; forwardX11 = mkOption { - default = true; + default = cfgc.setXAuthLocation; description = '' Whether to allow X11 connections to be forwarded. ''; @@ -281,9 +282,12 @@ in Port ${toString port} '') cfg.ports} + ${optionalString cfgc.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + ${if cfg.forwardX11 then '' X11Forwarding yes - XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth '' else '' X11Forwarding no ''} @@ -297,6 +301,8 @@ in PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"} ''; + assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; + msg = "cannot enable X11 forwarding without setting xauth location";}]; }; }
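Review bot: In the `forwardX11` option (hunk `@@ -140,7 +141,7 @@`) the default becomes `cfgc.setXAuthLocation`, which is itself `true` by default, so sshd still ships with `X11Forwarding yes`. Because `programs.ssh.forwardX11` in modules/programs/ssh.nix defaults to this option, the generated ssh_config also gets `ForwardX11 yes` for every outgoing connection. Client-side forwarding lets the remote host reach the local X display, so requesting it for all hosts is a wide default; I would give `programs.ssh.forwardX11` `default = false;` and leave forwarding as an explicit opt-in. If the sshd default must stay on for compatibility, the description should record the dependency: `Whether to allow X11 connections to be forwarded. Defaults to programs.ssh.setXAuthLocation.` The option block starts and ends outside this hunk.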