lsh: drop

2025-07-13 13:40:28 +03:00 · 2024-08-14 03:05:04 +02:00 · 2024-08-14 03:05:04 +02:00 · e959525e15
commit e959525e15
parent 422d853079
10 changed files with 4 additions and 282 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -1205,7 +1205,6 @@
  ./services/networking/spacecookie.nix
  ./services/networking/spiped.nix
  ./services/networking/squid.nix
-  ./services/networking/ssh/lshd.nix
  ./services/networking/ssh/sshd.nix
  ./services/networking/sslh.nix
  ./services/networking/strongswan-swanctl/module.nix
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@ -37,7 +37,6 @@ in
      The xow package was removed from nixpkgs. Upstream has deprecated
      the project and users are urged to switch to xone.
    '')
-    (mkRemovedOptionModule [ "networking" "liboop" ] "The corresponding package was removed from nixpkgs.")
    (mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
    (mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
    (mkRemovedOptionModule [ "programs" "gnome-documents" ] "The corresponding package was removed from nixpkgs.")
@ -71,6 +70,7 @@ in
    (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
    (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
    (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
+    (mkRemovedOptionModule [ "services" "lshd" ] "The corresponding package was removed from nixpkgs as it had no maintainer in Nixpkgs and hasn't seen an upstream release in over a decades.")
    (mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
    (mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
    (mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")
--- a/nixos/modules/services/networking/ssh/lshd.nix
+++ b/nixos/modules/services/networking/ssh/lshd.nix
@ -1,187 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  inherit (pkgs) lsh;
-
-  cfg = config.services.lshd;
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.lshd = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to enable the GNU lshd SSH2 daemon, which allows
-          secure remote login.
-        '';
-      };
-
-      portNumber = mkOption {
-        default = 22;
-        type = types.port;
-        description = ''
-          The port on which to listen for connections.
-        '';
-      };
-
-      interfaces = mkOption {
-        default = [];
-        type = types.listOf types.str;
-        description = ''
-          List of network interfaces where listening for connections.
-          When providing the empty list, `[]`, lshd listens on all
-          network interfaces.
-        '';
-        example = [ "localhost" "1.2.3.4:443" ];
-      };
-
-      hostKey = mkOption {
-        default = "/etc/lsh/host-key";
-        type = types.str;
-        description = ''
-          Path to the server's private key.  Note that this key must
-          have been created, e.g., using "lsh-keygen --server |
-          lsh-writekey --server", so that you can run lshd.
-        '';
-      };
-
-      syslog = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Whether to enable syslog output.";
-      };
-
-      passwordAuthentication = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Whether to enable password authentication.";
-      };
-
-      publicKeyAuthentication = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Whether to enable public key authentication.";
-      };
-
-      rootLogin = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Whether to enable remote root login.";
-      };
-
-      loginShell = mkOption {
-        default = null;
-        type = types.nullOr types.str;
-        description = ''
-          If non-null, override the default login shell with the
-          specified value.
-        '';
-        example = "/nix/store/xyz-bash-10.0/bin/bash10";
-      };
-
-      srpKeyExchange = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          Whether to enable SRP key exchange and user authentication.
-        '';
-      };
-
-      tcpForwarding = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Whether to enable TCP/IP forwarding.";
-      };
-
-      x11Forwarding = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Whether to enable X11 forwarding.";
-      };
-
-      subsystems = mkOption {
-        type = types.listOf types.path;
-        description = ''
-          List of subsystem-path pairs, where the head of the pair
-          denotes the subsystem name, and the tail denotes the path to
-          an executable implementing it.
-        '';
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
-    services.lshd.subsystems = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
-
-    systemd.services.lshd = {
-      description = "GNU lshd SSH2 daemon";
-
-      after = [ "network.target" ];
-
-      wantedBy = [ "multi-user.target" ];
-
-      environment = {
-        LD_LIBRARY_PATH = config.system.nssModules.path;
-      };
-
-      preStart = ''
-        test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh
-        test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh
-
-        if ! test -f /var/spool/lsh/yarrow-seed-file
-        then
-            # XXX: It would be nice to provide feedback to the
-            # user when this fails, so that they can retry it
-            # manually.
-            ${lsh}/bin/lsh-make-seed --sloppy \
-               -o /var/spool/lsh/yarrow-seed-file
-        fi
-
-        if ! test -f "${cfg.hostKey}"
-        then
-            ${lsh}/bin/lsh-keygen --server | \
-            ${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}"
-        fi
-      '';
-
-      script = with cfg; ''
-        ${lsh}/sbin/lshd --daemonic \
-          --password-helper="${lsh}/sbin/lsh-pam-checkpw" \
-          -p ${toString portNumber} \
-          ${optionalString (interfaces != []) (concatStrings (map (i: "--interface=\"${i}\"") interfaces))} \
-          -h "${hostKey}" \
-          ${optionalString (!syslog) "--no-syslog" } \
-          ${if passwordAuthentication then "--password" else "--no-password" } \
-          ${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
-          ${if rootLogin then "--root-login" else "--no-root-login" } \
-          ${optionalString (loginShell != null) "--login-shell=\"${loginShell}\"" } \
-          ${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
-          ${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
-          ${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
-          --subsystems=${concatStringsSep ","
-                                          (map (pair: (head pair) + "=" +
-                                                      (head (tail pair)))
-                                               subsystems)}
-      '';
-    };
-
-    security.pam.services.lshd = {};
-  };
-}