aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-07 22:25:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[Services] Use socket-based activation for SSHd and inhibit sleep when connections are active

Browse source
This commit is contained in:
Antoine Viallon 2023-04-16 17:16:51 +02:00
parent 4ba062d0db
commit acd5467047
Signed by: aviallon
GPG key ID: 186FC35EDEB25716
1 changed files with 15 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
services.nix
View file

@ -51,7 +51,22 @@ in {
permitRootLogin = mkDefault "prohibit-password"; permitRootLogin = mkDefault "prohibit-password";
forwardX11 = mkDefault config.services.xserver.enable; forwardX11 = mkDefault config.services.xserver.enable;
openFirewall = true; openFirewall = true;
startWhenNeeded = true;
}; };
systemd.services."ssh-inhibit-sleep@" = {
description = "Inhibit sleep when SSH connections are active";
bindsTo = [ "sshd@%i.service" ];
script = ''
exec ${pkgs.systemd}/bin/systemd-inhibit --mode block --what sleep \
--who "ssh session $1" \
--why "remote session still active" \
${pkgs.coreutils}/bin/sleep infinity
'';
scriptArgs = "%I";
wantedBy = [ "sshd@.service" ];
};
programs.ssh.setXAuthLocation = config.services.xserver.enable; programs.ssh.setXAuthLocation = config.services.xserver.enable;
programs.ssh.forwardX11 = mkDefault config.services.xserver.enable; programs.ssh.forwardX11 = mkDefault config.services.xserver.enable;
security.pam.services.sudo.forwardXAuth = mkDefault true; # Easier to start GUI programs as root security.pam.services.sudo.forwardXAuth = mkDefault true; # Easier to start GUI programs as root