From 1835fc455bf1fb71fc1ad36715acca630e4c871a Mon Sep 17 00:00:00 2001
From: Matthieu Coudron <mattator@gmail.com>
Date: Mon, 16 Sep 2019 19:21:23 +0900
Subject: [PATCH] services.openssh: add banner

Add the possibility to setup a banner.

Co-authored-by: Silvan Mosberger <github@infinisil.com>
---
 nixos/modules/services/networking/ssh/sshd.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 17f31e3a488d..0db77e07978d 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -232,6 +232,14 @@ in
         '';
       };
 
+      banner = mkOption {
+        type = types.nullOr types.lines;
+        default = null;
+        description = ''
+          Message to display to the remote user before authentication is allowed.
+        '';
+      };
+
       authorizedKeysFiles = mkOption {
         type = types.listOf types.str;
         default = [];
@@ -474,6 +482,8 @@ in
       ''
         UsePAM yes
 
+        Banner ${if cfg.banner == null then "none" else pkgs.writeText "ssh_banner" cfg.banner}
+
         AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
         ${concatMapStrings (port: ''
           Port ${toString port}