feat(services.openssh): add extraConfig option

Same interface as in NixOS: https://search.nixos.org/options?channel=unstable&show=services.openssh.extraConfig&from=0&size=50&sort=relevance&type=packages&query=services.openssh.extraConfig This is useful to customize the behavior of the SSH daemon, e.g. to add options like `StreamLocalBindUnlink yes` to improve gpg-agent forwarding. Signed-off-by: squat <lserven@gmail.com>
2025-05-22 20:22:47 +02:00 · 2025-05-22 20:22:47 +02:00 · e09c1aefe4
commit e09c1aefe4
parent e2676937fa
1 changed files with 20 additions and 7 deletions
--- a/modules/services/openssh.nix
+++ b/modules/services/openssh.nix
@ -5,14 +5,25 @@ let
 in
 {
  options = {
-    services.openssh.enable = lib.mkOption {
-      type = lib.types.nullOr lib.types.bool;
-      default = null;
-      description = ''
-        Whether to enable Apple's built-in OpenSSH server.
+    services.openssh = {
+      enable = lib.mkOption {
+        type = lib.types.nullOr lib.types.bool;
+        default = null;
+        description = ''
+          Whether to enable Apple's built-in OpenSSH server.

-        The default is null which means let macOS manage the OpenSSH server.
-      '';
+          The default is null which means let macOS manage the OpenSSH server.
+        '';
+      };
+
+      extraConfig = lib.mkOption {
+        type = lib.types.lines;
+        default = "";
+        description = ''
+          Extra configuration text loaded in {file}`sshd_config`.
+          See {manpage}`sshd_config(5)` for help.
+        '';
+      };
    };
  };

@ -29,5 +40,7 @@ in
        launchctl disable system/com.openssh.sshd
      fi
    '');
+
+    environment.etc."ssh/sshd_config.d/100-nix-darwin.conf".text = cfg.extraConfig;
  };
 }