Unverified commit cf10d7ae, authored by Matthieu Coudron, committed by GitHub

services.openssh: support freeform settings (#193757)

* services.openssh: support freeform settings

Keeps "extraConfig" but introduces "settings".

Also renames several options

(mkRenamedOptionModule [ "services" "openssh" "kbdInteractiveAuthentication" ] [  "services" "openssh" "settings" "KbdInteractiveAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "passwordAuthentication" ] [  "services" "openssh" "settings" "PasswordAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [  "services" "openssh" "settings" "UseDns" ])
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [  "services" "openssh" "settings" "PermitRootLogin" ])

* updated doc
* regen doc
parent 6dccdc45
+1 −1
@@ -8,7 +8,7 @@ services.openssh.enable = true;

By default, root logins using a password are disallowed. They can be
disabled entirely by setting
[](#opt-services.openssh.permitRootLogin) to `"no"`.
[](#opt-services.openssh.settings.PermitRootLogin) to `"no"`.

You can declaratively specify authorised RSA/DSA public keys for a user
as follows:
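Review bot: In the sentence around the changed link, "They can be disabled entirely" takes "root logins using a password" as its antecedent, which the previous sentence says are already disallowed. Since this paragraph is being touched anyway, reword it to "Root logins can be disabled entirely by setting ... to `"no"`", so the reader sees that `settings.PermitRootLogin = "no"` also blocks key-based root login. The generated XML copy of this paragraph carries the same wording and will pick up the fix on regeneration.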
+1 −1
@@ -9,7 +9,7 @@ services.openssh.enable = true;
  <para>
    By default, root logins using a password are disallowed. They can be
    disabled entirely by setting
    <xref linkend="opt-services.openssh.permitRootLogin" /> to
    <xref linkend="opt-services.openssh.settings.PermitRootLogin" /> to
    <literal>&quot;no&quot;</literal>.
  </para>
  <para>
+18 −0
@@ -324,6 +324,24 @@
          <link linkend="opt-services.usbmuxd.package">services.usbmuxd.package</link>
        </para>
      </listitem>
      <listitem>
        <para>
          A few openssh options have been moved from extraConfig to the
          new freeform option <literal>settings</literal> and renamed as
          follow:
          <literal>services.openssh.kbdInteractiveAuthentication</literal>
          to
          <literal>services.openssh.settings.KbdInteractiveAuthentication</literal>,
          <literal>services.openssh.passwordAuthentication</literal> to
          <literal>services.openssh.settings.PasswordAuthentication</literal>,
          <literal>services.openssh.useDns</literal> to
          <literal>services.openssh.settings.UseDns</literal>,
          <literal>services.openssh.permitRootLogin</literal> to
          <literal>services.openssh.settings.PermitRootLogin</literal>,
          <literal>services.openssh.logLevel</literal> to
          <literal>services.openssh.settings.LogLevel</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services.mastodon</literal> gained a tootctl wrapped
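Review bot: The new list item says the options were "moved from extraConfig", but every name it lists is a top-level `services.openssh.*` option, and the commit message states that `extraConfig` is kept. Suggest "moved from `services.openssh` to the new freeform option `settings`", and "renamed as follows" instead of "renamed as follow". The item also lists `services.openssh.logLevel`, which is not among the four `mkRenamedOptionModule` lines quoted in the commit message; please confirm the module carries a rename for it. As this file is regenerated, the fix belongs in the markdown source.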
+2 −0
@@ -85,6 +85,8 @@ In addition to numerous new and upgraded packages, this release has the followin

- The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package)

- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follow: `services.openssh.kbdInteractiveAuthentication` to `services.openssh.settings.KbdInteractiveAuthentication`, `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`, `services.openssh.useDns` to `services.openssh.settings.UseDns`, `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`, `services.openssh.logLevel` to `services.openssh.settings.LogLevel`.

- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.

- The `dnsmasq` service now takes configuration via the
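Review bot: The added openssh bullet does not tell users whether the old option names still work. The commit message shows the renames are done with `mkRenamedOptionModule`, so it is worth one sentence here saying that existing names such as `services.openssh.passwordAuthentication` continue to be honoured and map to the new `settings` keys. Otherwise someone who hardened sshd through the old names cannot tell from the release notes whether their configuration still takes effect after upgrading.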
+1 −1
@@ -72,7 +72,7 @@ with lib;
    # mounting the storage in a different system.
    services.openssh = {
      enable = true;
      permitRootLogin = "yes";
      settings.PermitRootLogin = "yes";
    };

    # Enable wpa_supplicant, but don't start it by default.
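Review bot: On the `settings.PermitRootLogin = "yes";` line, the rename carries over a value that allows password root login, which the manual text changed earlier in this commit describes as disallowed by default. If the comment above the `services.openssh` block does not already explain why this profile needs `"yes"`, add a short comment next to the setting so that the override reads as deliberate to anyone copying the profile.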