diff options
author | Jan (janneke) Nieuwenhuizen <janneke@gnu.org> | 2023-03-05 17:17:04 +0100 |
---|---|---|
committer | Janneke Nieuwenhuizen <janneke@gnu.org> | 2023-03-16 14:26:34 +0100 |
commit | 2c2f382e757d5eef39e8460a20ac75a1b1f8b22e (patch) | |
tree | 55235a11ea78bfd7c02786a076f6896b8ef0bc0b | |
parent | 076fa659efc6521def67d2d1040cd5d81fc1ce7d (diff) | |
download | guix-2c2f382e757d5eef39e8460a20ac75a1b1f8b22e.tar guix-2c2f382e757d5eef39e8460a20ac75a1b1f8b22e.tar.gz |
gnu: home: services: Add home-ssh-agent-service-type.
* gnu/home/services/ssh.scm: (<home-ssh-agent-configuration>): New type.
(home-ssh-agent-services): New procedure.
(home-ssh-agent-service-type): New variable.
* doc/guix.texi (Secure Shell): Document it.
-rw-r--r-- | doc/guix.texi | 56 | ||||
-rw-r--r-- | gnu/home/services/ssh.scm | 54 |
2 files changed, 108 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index aa98d7df4b..8baa2f3224 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -36,7 +36,7 @@ Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* Copyright @copyright{} 2016, 2017 Nikita Gillmann@* -Copyright @copyright{} 2016, 2017, 2018, 2019, 2020 Jan Nieuwenhuizen@* +Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2023 Jan Nieuwenhuizen@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021 Julien Lepiller@* Copyright @copyright{} 2016 Alex ter Weele@* Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021 Christopher Baines@* @@ -42464,6 +42464,60 @@ Extra content appended as-is to this @code{Host} block in @c %end of fragment +@cindex ssh-agent +The @uref{https://www.openssh.com, OpenSSH package} includes a daemon, +the @command{ssh-agent} command, that manages keys to connect to remote +machines using the @acronym{SSH, secure shell} protocol. With the +@code{(gnu home services ssh-agent)} service, you can configure the +OpenSSH ssh-agent to run upon login. + +When using the @code{home-ssh-agent-service-type}, you need to add your +@file{~/.bash_profile}: + +@example +SSH_AUTH_SOCK=$@{XDG_RUNTIME_DIR-$HOME/.cache@}/ssh-agent/socket +export SSH_AUTH_SOCK +@end example + +Of course, you can do that using the @code{home-bash-service-type}, by +adding something like: + +@lisp +(environment-variables + '(("SSH_AUTH_SOCK" + . "$@{SSH_AUTH_SOCK-$@{XDG_RUNTIME_DIR-$HOME/.cache@}/ssh-agent/socket@}"))) +@end lisp + +Here is an example of a service and its configuration that you could add +to the @code{services} field of your @code{home-environment}: + +@lisp +(service home-ssh-agent-service-type + (home-ssh-agent-configuration + (extra-options '("-t" "1h30m")))) +@end lisp + +@defvr {Scheme Variable} home-ssh-agent-service-type +This is the type of the @code{git daemon} home service, whose value is an +@code{home-ssh-agent-configuration} object. +@end defvr + +@deftp {Data Type} home-ssh-agent-configuration +Available @code{home-ssh-agent-configuration} fields are: + +@table @asis +@item @code{git} (default: @code{git}) (type: file-like) +The git package to use. + +@item @code{socket-directory} (default: @code{@env{XDG_RUNTIME_DIR}/ssh-agent"}) (type: string) +The directory to write the ssh-agent's @file{socket} file. + +@item @code{extra-options} (default: @code{'()}) +Extra options will be passed to @command{ssh-agent}, please run +@command{man ssh-agent} for more information. + +@end table +@end deftp @node Desktop Home Services @subsection Desktop Home Services diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm index d15f5ee912..205650d489 100644 --- a/gnu/home/services/ssh.scm +++ b/gnu/home/services/ssh.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2023 Janneke Nieuwenhuizen <janneke@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -25,9 +26,12 @@ #:use-module (gnu services configuration) #:use-module (guix modules) #:use-module (gnu home services) + #:use-module (gnu home services shepherd) #:use-module ((gnu home services utils) #:select (object->camel-case-string)) #:autoload (gnu packages base) (glibc-utf8-locales) + #:use-module (gnu packages ssh) + #:use-module (shepherd support) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) @@ -36,6 +40,7 @@ home-openssh-configuration-authorized-keys home-openssh-configuration-known-hosts home-openssh-configuration-hosts + home-ssh-agent-configuration openssh-host openssh-host-host-name @@ -52,7 +57,8 @@ openssh-host-accepted-key-types openssh-host-extra-content - home-openssh-service-type)) + home-openssh-service-type + home-ssh-agent-service-type)) (define (serialize-field-name name) (match name @@ -254,3 +260,49 @@ inserted after each of them." by providing a @file{~/.ssh/config} file, which is honored by the OpenSSH client,@command{ssh}, and by other tools such as @command{guix deploy}.") (default-value (home-openssh-configuration)))) + + +;;; +;;; Ssh-agent. +;;; +(define-record-type* <home-ssh-agent-configuration> + home-ssh-agent-configuration make-home-ssh-agent-configuration + home-ssh-agent-configuration? + (openssh home-ssh-agent-openssh ;file-like + (default openssh)) + (socket-directory home-ssh-agent-socket-directory ;string + (default (string-append %user-runtime-dir "/ssh-agent"))) + (extra-options home-ssh-agent-extra-options ;list of string + (default '()))) + +(define (home-ssh-agent-services config) + "Return a <shepherd-service> for an ssh-agent with CONFIG." + (match config + (($ <home-ssh-agent-configuration> + openssh socket-directory extra-options) + (let* ((ssh-agent (file-append openssh "/bin/ssh-agent")) + (socket-file (string-append socket-directory "/socket")) + (command `(,ssh-agent + "-D" + "-a" ,socket-file + ,@extra-options)) + (log-file (string-append %user-log-dir "/ssh-agent.log"))) + (list (shepherd-service + (documentation "Run the ssh-agent.") + (provision '(ssh-agent)) + (start #~(lambda _ + (unless (file-exists? #$socket-directory) + (mkdir-p #$socket-directory) + (chmod #$socket-directory #o700)) + (fork+exec-command '#$command #:log-file #$log-file))) + (stop #~(make-kill-destructor)))))))) + +(define home-ssh-agent-service-type + (service-type + (name 'home-ssh-agent) + (default-value (home-ssh-agent-configuration)) + (extensions + (list (service-extension home-shepherd-service-type + home-ssh-agent-services))) + (description + "Install and configure @command{ssh-agent} as a Shepherd service."))) |