Unverified Commit 489b03d7 authored by Matthieu Coudron's avatar Matthieu Coudron Committed by GitHub

nixos/sshd: remove 'banner' option, in favour of settings.Banner (#509507)

parents 33008ee9 667a1240
+2 −0
@@ -355,6 +355,8 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.

- `services.openssh.enableRecommendedAlgorithms` has been added to allow users to opt out of NixOS's curated set of recommended algorithms. This set to true by default, and thus is not a breaking change. Users may want to set this to false if they prefer upstream's default algorithms. See <https://github.com/NixOS/nixpkgs/pull/471330>.

- `services.openssh.banner` has been removed. Use `services.openssh.settings.Banner` instead.

- IPVLAN interfaces can now be configured through the `networking.ipvlans` option in the networking module.

- `services.caddy` now supports setting `httpPort` and `httpsPort` and opening them in the firewall via `openFirewall`.
+13 −9
@@ -225,6 +225,11 @@ in
      [ "services" "openssh" "forwardX11" ]
      [ "services" "openssh" "settings" "X11Forwarding" ]
    )
    (lib.mkRemovedOptionModule [
      "services"
      "openssh"
      "banner"
    ] "Use services.openssh.settings.Banner instead.")
  ];

  ###### interface
@@ -404,14 +409,6 @@ in
        example = true;
      };

      banner = lib.mkOption {
        type = lib.types.nullOr lib.types.lines;
        default = null;
        description = ''
          Message to display to the remote user before authentication is allowed.
        '';
      };

      enableRecommendedAlgorithms = lib.mkOption {
        type = lib.types.bool;
        default = true;
@@ -722,6 +719,14 @@ in
              PrintMotd = lib.mkEnableOption "printing /etc/motd when a user logs in interactively" // {
                type = lib.types.nullOr lib.types.bool;
              };
              Banner = lib.mkOption {
                type = lib.types.nullOr lib.types.path;
                default = null;
                description = ''
                  The file whose contents are sent to the remote user before authentication.
                '';
                example = "/etc/ssh/banner";
              };
            };
          }
        );
@@ -886,7 +891,6 @@ in
      services.openssh.extraConfig = lib.mkOrder 0 (
        lib.concatStringsSep "\n" (
          [
            "Banner ${if cfg.banner == null then "none" else pkgs.writeText "ssh_banner" cfg.banner}"
            "AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}"
          ]
          ++ lib.map (port: "Port ${toString port}") cfg.ports
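Review bot: The message passed to `lib.mkRemovedOptionModule` for `services.openssh.banner` does not say that the replacement has a different type: the removed option was `nullOr lines` (inline banner text, written out with `pkgs.writeText`), while `settings.Banner` is `nullOr path`. A user who moves their banner text across unchanged will hit a type error with no hint about the fix, so I would word the message as `"Use services.openssh.settings.Banner instead; it takes a file path, e.g. pkgs.writeText \"ssh_banner\" \"...\"."` and say the same in the `Banner` description. The last hunk also drops the unconditional `Banner none` line from `extraConfig`; how a `null` setting is rendered is not visible here, so it is worth confirming that the generated sshd_config still sends no banner by default and stating in the description that `null` leaves the directive unset. Because this file is sent before authentication, the description could also remind users to keep host and version details out of it.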