From man 5 ssh_config:
Unless noted otherwise, for each parameter, the first obtained value
will be used.
We want to allow falling through to the first explicitly chosen user
defined value.
* gnu/home/services.ssh.scm (define-maybe boolean): New configuration.
(openssh-host)[forward-x11?, forward-x11-trusted?, forward-agent?,
compression?]: Replace default value with maybe-boolean.
* doc/guix.texi (Secure Shell): Update documentation to match the
changes in the code.
* gnu/home/services/ssh.scm (<home-openssh-configuration>)[add-keys-to-agent]:
New field.
(serialize-add-keys-to-agent): New procedure.
(openssh-configuration->string): Use it.
* doc/guix.texi (Secure Shell): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The default was an empty list which would remove any ~/.ssh/authorized_keys
file and replace it with a symlink to an empty file. On some systems, notably
Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not
allow login.
* doc/guix.texi (Secure Shell): Update, describe default #false value.
* gnu/home/services/ssh.scm (<home-openssh-configuration>)
[authorized-keys]: Change default to #f.
(openssh-configuration-files): Cater for default #f value: Do not register
"authorized_keys".
Add a new 'proxy' field to openssh-host to allow ProxyCommand or
ProxyJump, but not both, to be configured. Configuring both would cause
the serialization order to determine which one is used. Deprecate the
'proxy-command' field because the 'proxy' field replaces it.
* gnu/home/services/ssh.scm (proxy-jump->string,
proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
sanitize-proxy-command): New procedure.
(proxy-jump, proxy-command): New record type.
(openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
can't have ProxyCommand and ProxyJump configured at the same time.
* doc/guix.texi (Secure Shell): Update to match the changes to the
service.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/home/services/ssh.scm (home-ssh-agent-environment-variables): New
procedure.
(home-ssh-agent-service-type): Use it as ahome-environment-service type
extension.
* doc/guix.texi (Secure Shell): Remove advice about, and examples of setting
SSH_AUTH_SOCK.
This is a followup to 2c2f382e75, which
inadvertently pulled in (shepherd support) on the host side.
* gnu/home/services/ssh.scm (<home-ssh-agent-configuration>)[socket-directory]:
Change value to a gexp.
(home-ssh-agent-services): Change 'socket-file' and 'command' to a
gexp. Add 'modules' field to 'shepherd-service'.
* doc/guix.texi (Secure Shell): Adjust accordingly.
* gnu/home/services/ssh.scm: (<home-ssh-agent-configuration>): New type.
(home-ssh-agent-services): New procedure.
(home-ssh-agent-service-type): New variable.
* doc/guix.texi (Secure Shell): Document it.
* gnu/home/services/ssh.scm (serialize-address-family): Use the public API of
the maybe infrastructure.
* gnu/services/file-sharing.scm (serialize-maybe-string): Use maybe-value.
(serialize-maybe-file-object): Use maybe-value-set?.
* gnu/services/getmail.scm (getmail-retriever-configuration): Don't use
internals in unset field declarations.
(getmail-destination-configuration): Ditto.
* gnu/services/messaging.scm (raw-content?): Use maybe-value-set?.
(prosody-configuration): Use %unset-value.
* gnu/services/telephony.scm (jami-shepherd-services): Use maybe-value-set?.
(archive-name->username): Use maybe-value-set?.
* tests/services/configuration.scm ("maybe type, no default"): Use
%unset-value.
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/home/services/ssh.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* po/guix/POTFILES.in: Add it.
* doc/guix.texi (Secure Shell): New section.
