services: openssh: Add 'accepted-environment' field.

* gnu/services/ssh.scm (<openssh-configuration>)[accepted-environment]: New field. (openssh-config-file): Honor 'acccepted-environment'. * doc/guix.texi (Networking Services): Document it. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2018-03-15 23:40:58 +01:00 · 2018-03-15 23:40:58 +01:00 · 985934cb21
parent 3c27414968
commit 985934cb21
2 changed files with 24 additions and 0 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -11158,6 +11158,23 @@ server.  Alternately, one can specify the @command{sftp-server} command:
           `(("sftp" ,(file-append openssh "/libexec/sftp-server"))))))
@end example

+@item @code{accepted-environment} (default: @code{'()})
+List of strings describing which environment variables may be exported.
+
+Each string gets on its own line.  See the @code{AcceptEnv} option in
+@code{man sshd_config}.
+
+This example allows ssh-clients to export the @code{COLORTERM} variable.
+It is set by terminal emulators, which support colors.  You can use it in
+your shell's ressource file to enable colors for the prompt and commands
+if this variable is set.
+
+@example
+(service openssh-service-type
+         (openssh-configuration
+           (accepted-environment '("COLORTERM"))))
+@end example
+
@item @code{authorized-keys} (default: @code{'()})
@cindex authorized keys, SSH
@cindex SSH authorized keys
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@ -302,6 +302,10 @@ The other options should be self-descriptive."
  (subsystems            openssh-configuration-subsystems
                         (default '(("sftp" "internal-sftp"))))

+  ;; list of strings
+  (accepted-environment  openssh-configuration-accepted-environment
+                         (default '()))
+
  ;; list of user-name/file-like tuples
  (authorized-keys       openssh-authorized-keys
                         (default '()))
@ -430,6 +434,9 @@ of user-name/file-like tuples."
           (format port "AuthorizedKeysFile \
 .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u\n")

+           (for-each (lambda (s) (format port "AcceptEnv ~a\n" s))
+                     '#$(openssh-configuration-accepted-environment config))
+
           (for-each
            (match-lambda
              ((name command) (format port "Subsystem\t~a\t~a\n" name command)))