nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-31 01:04:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

sshd: separate key generation into another service

Browse Source 
Fixes #19589
This commit is contained in:
Anmol Sethi 2016-10-20 23:12:21 -04:00
parent ed5d146e9d
commit 1a74eedd07
1 changed files with 27 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -242,7 +242,7 @@ in
systemd = systemd =
let let
service = sshd-service =
{ description = "SSH Daemon"; { description = "SSH Daemon";
wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target"; wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
@ -253,16 +253,8 @@ in
environment.LD_LIBRARY_PATH = nssModulesPath; environment.LD_LIBRARY_PATH = nssModulesPath;
preStart = wants = [ "sshd-keygen.service" ];
'' after = [ "sshd-keygen.service" ];
mkdir -m 0755 -p /etc/ssh
${flip concatMapStrings cfg.hostKeys (k: ''
if ! [ -f "${k.path}" ]; then
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
fi
'')}
'';
serviceConfig = serviceConfig =
{ ExecStart = { ExecStart =
@ -278,6 +270,26 @@ in
PIDFile = "/run/sshd.pid"; PIDFile = "/run/sshd.pid";
}); });
}; };
sshd-keygen-service =
{ description = "SSH Host Key Generation";
path = [ cfgc.package ];
script =
''
mkdir -m 0755 -p /etc/ssh
${flip concatMapStrings cfg.hostKeys (k: ''
if ! [ -f "${k.path}" ]; then
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
fi
'')}
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
};
in in
if cfg.startWhenNeeded then { if cfg.startWhenNeeded then {
@ -289,11 +301,13 @@ in
socketConfig.Accept = true; socketConfig.Accept = true;
}; };
services."sshd@" = service; services.sshd-keygen = sshd-keygen-service;
services."sshd@" = sshd-service;
} else { } else {
services.sshd = service; services.sshd-keygen = sshd-keygen-service;
services.sshd = sshd-service;
}; };