Merge pull request #19635 from nhooyr/sshgen

sshd: separate key generation into another service

authored by Jörg Thalheim and committed by GitHub 20383d26 42e93b5f

+27 -13
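--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -242,7 +242,7 @@
 
 systemd =
 let
-service =
+sshd-service =
 { description = "SSH Daemon";
 
 wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
@@ -253,16 +253,8 @@
 
 environment.LD_LIBRARY_PATH = nssModulesPath;
 
-preStart =
-''
-mkdir -m 0755 -p /etc/ssh
-
-${flip concatMapStrings cfg.hostKeys (k: ''
-if ! [ -f "${k.path}" ]; then
-ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
-fi
-'')}
-'';
+wants = [ "sshd-keygen.service" ];
+after = [ "sshd-keygen.service" ];
 
 serviceConfig =
 { ExecStart =
@@ -278,6 +270,26 @@
 PIDFile = "/run/sshd.pid";
 });
 };
+
+sshd-keygen-service =
+{ description = "SSH Host Key Generation";
+path = [ cfgc.package ];
+script =
+''
+mkdir -m 0755 -p /etc/ssh
+${flip concatMapStrings cfg.hostKeys (k: ''
+if ! [ -f "${k.path}" ]; then
+ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
+fi
+'')}
+'';
+
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = "yes";
+};
+};
+
 in
 
 if cfg.startWhenNeeded then {
@@ -289,11 +301,13 @@
 socketConfig.Accept = true;
 };
 
-services."sshd@" = service;
+services.sshd-keygen = sshd-keygen-service;
+services."sshd@" = sshd-service;
 
 } else {
 
-services.sshd = service;
+services.sshd-keygen = sshd-keygen-service;
+services.sshd = sshd-service;
 
 };
 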
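Review bot: `wants = [ "sshd-keygen.service" ]` on new line 256 means a failed key generation (an unsupported `type`/`bits` combination handed to ssh-keygen, or an unwritable `path`) does not hold sshd back — `after` only orders the two units, so sshd is started without host keys and left to fail on its own; `requires = [ "sshd-keygen.service" ];` next to the `after` line makes the dependency failure explicit in `systemctl status sshd` instead. The guard `if ! [ -f "${k.path}" ]` on new line 281 also treats an empty private key file left behind by an interrupted generation as present, so `-s` is the better test. Because the script only creates `/etc/ssh`, a `hostKeys` entry pointing elsewhere fails at `ssh-keygen -f`; a `mkdir -m 0755 -p "${dirOf k.path}"` before the `if` would cover that (assuming `path` is a plain string, as the `-f "${k.path}"` interpolation suggests). The `sshd-service` definition's `serviceConfig`/`ExecStart` is elided in this section, so whether sshd itself is configured to fail loudly when no host key loads is not visible here.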