Merge pull request #19635 from nhooyr/sshgen

sshd: separate key generation into another service

authored by Jörg Thalheim and committed by GitHub 20383d26 42e93b5f

+27 -13
+27 -13
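--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -242,7 +242,7 @@
 
 systemd =
 let
-service =
+sshd-service =
 { description = "SSH Daemon";
 
 wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
@@ -253,16 +253,8 @@
 
 environment.LD_LIBRARY_PATH = nssModulesPath;
 
-preStart =
-''
-mkdir -m 0755 -p /etc/ssh
-
-${flip concatMapStrings cfg.hostKeys (k: ''
-if ! [ -f "${k.path}" ]; then
-ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
-fi
-'')}
-'';
+wants = [ "sshd-keygen.service" ];
+after = [ "sshd-keygen.service" ];
 
 serviceConfig =
 { ExecStart =
@@ -278,6 +270,28 @@
 PIDFile = "/run/sshd.pid";
 });
 };
+
+sshd-keygen-service =
+{ description = "SSH Host Key Generation";
+path = [ cfgc.package ];
+script =
+''
+mkdir -m 0755 -p /etc/ssh
+${flip concatMapStrings cfg.hostKeys (k: ''
+if ! [ -f "${k.path}" ]; then
+ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
+fi
+'')}
+'';
+
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = "yes";
+};
+};
+
 in
 
 if cfg.startWhenNeeded then {
@@ -289,11 +301,13 @@
 socketConfig.Accept = true;
 };
 
-services."sshd@" = service;
+services.sshd-keygen = sshd-keygen-service;
+services."sshd@" = sshd-service;
 
 } else {
 
-services.sshd = service;
+services.sshd-keygen = sshd-keygen-service;
+services.sshd = sshd-service;
 
 };
 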
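Review bot: `wants = [ "sshd-keygen.service" ];` on sshd-service is only a weak dependency, so when the oneshot fails (for instance because a cfg.hostKeys entry points outside /etc/ssh, the only directory the script creates) sshd is still started after it and fails later at host-key load time, which hides the real cause; `requires = [ "sshd-keygen.service" ];` next to the existing `after` would make the generation failure the reported reason, and since the keygen unit sets RemainAfterExit it should stay active for that dependency. The same applies to the `sshd@` template in the startWhenNeeded branch, which reuses sshd-service. The key-generation script itself is carried over unchanged from the removed preStart, so the only behavioural difference is the unit split. A one-line comment above `sshd-keygen-service =` stating why generation is now its own unit would help future readers, as the motivation is not visible in this hunk.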