pyrox.dev
systemd: enable ssh option
We need to patch systemd to make systemd-ssh-generator(8) work:
- systemd doesn't follow symlinks when checking for a packaged
sshd@.service unit
- systemd tries to link the ssh config dropins by default with tmpfiles
to /usr, that is not possible, so we include the snippet manually.
+32
pkgs/os-specific/linux/systemd/0019-meson-Don-t-link-ssh-dropins.patch
+32
pkgs/os-specific/linux/systemd/0019-meson-Don-t-link-ssh-dropins.patch
···
1
+
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2
+
From: Marie Ramlow <me@nycode.dev>
3
+
Date: Sun, 24 Nov 2024 20:04:35 +0100
4
+
Subject: [PATCH] meson: Don't link ssh dropins
5
+
6
+
---
7
+
meson.build | 4 ++--
8
+
1 file changed, 2 insertions(+), 2 deletions(-)
9
+
10
+
diff --git a/meson.build b/meson.build
11
+
index d392610625..c17d0a1feb 100644
12
+
--- a/meson.build
13
+
+++ b/meson.build
14
+
@@ -211,13 +211,13 @@ sshconfdir = get_option('sshconfdir')
15
+
if sshconfdir == ''
16
+
sshconfdir = sysconfdir / 'ssh/ssh_config.d'
17
+
endif
18
+
-conf.set10('LINK_SSH_PROXY_DROPIN', sshconfdir != 'no' and not sshconfdir.startswith('/usr/'))
19
+
+conf.set10('LINK_SSH_PROXY_DROPIN', 0)
20
+
21
+
sshdconfdir = get_option('sshdconfdir')
22
+
if sshdconfdir == ''
23
+
sshdconfdir = sysconfdir / 'ssh/sshd_config.d'
24
+
endif
25
+
-conf.set10('LINK_SSHD_USERDB_DROPIN', sshdconfdir != 'no' and not sshdconfdir.startswith('/usr/'))
26
+
+conf.set10('LINK_SSHD_USERDB_DROPIN', 0)
27
+
28
+
sshdprivsepdir = get_option('sshdprivsepdir')
29
+
conf.set10('CREATE_SSHDPRIVSEPDIR', sshdprivsepdir != 'no' and not sshdprivsepdir.startswith('/usr/'))
30
+
--
31
+
2.47.0
32
+
pkgs/os-specific/linux/systemd/0019-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
pkgs/os-specific/linux/systemd/0021-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
pkgs/os-specific/linux/systemd/0019-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
pkgs/os-specific/linux/systemd/0021-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
+25
pkgs/os-specific/linux/systemd/0020-install-unit_file_exists_full-follow-symlinks.patch
+25
pkgs/os-specific/linux/systemd/0020-install-unit_file_exists_full-follow-symlinks.patch
···
1
+
From 7be486fb25dc4ea212cb17f6a3f4a434a557b0d9 Mon Sep 17 00:00:00 2001
2
+
From: Marie Ramlow <me@nycode.dev>
3
+
Date: Fri, 10 Jan 2025 15:51:33 +0100
4
+
Subject: [PATCH] install: unit_file_exists_full: follow symlinks
5
+
6
+
---
7
+
src/shared/install.c | 2 +-
8
+
1 file changed, 1 insertion(+), 1 deletion(-)
9
+
10
+
diff --git a/src/shared/install.c b/src/shared/install.c
11
+
index 53566b7eef..0975cd47c7 100644
12
+
--- a/src/shared/install.c
13
+
+++ b/src/shared/install.c
14
+
@@ -3217,7 +3217,7 @@ int unit_file_exists_full(RuntimeScope scope, const LookupPaths *lp, const char
15
+
&c,
16
+
lp,
17
+
name,
18
+
- /* flags= */ 0,
19
+
+ /* flags= */ SEARCH_FOLLOW_CONFIG_SYMLINKS,
20
+
ret_path ? &info : NULL,
21
+
/* changes= */ NULL,
22
+
/* n_changes= */ NULL);
23
+
--
24
+
2.47.0
25
+
+7
-3
pkgs/os-specific/linux/systemd/default.nix
+7
-3
pkgs/os-specific/linux/systemd/default.nix
···
242
242
./0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch
243
243
./0017-meson.build-do-not-create-systemdstatedir.patch
244
244
./0018-Revert-bootctl-update-list-remove-all-instances-of-s.patch # https://github.com/systemd/systemd/issues/33392
245
+
# systemd tries to link the systemd-ssh-proxy ssh config snippet with tmpfiles
246
+
# if the install prefix is not /usr, but that does not work for us
247
+
# because we include the config snippet manually
248
+
./0019-meson-Don-t-link-ssh-dropins.patch
249
+
./0020-install-unit_file_exists_full-follow-symlinks.patch
245
250
]
246
251
++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [
247
-
./0019-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
252
+
./0021-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
248
253
]
249
254
++ lib.optionals stdenv.hostPlatform.isMusl (
250
255
let
···
492
497
(lib.mesonOption "umount-path" "${lib.getOutput "mount" util-linux}/bin/umount")
493
498
494
499
# SSH
495
-
# Disabled for now until someone makes this work.
496
-
(lib.mesonOption "sshconfdir" "no")
500
+
(lib.mesonOption "sshconfdir" "")
497
501
(lib.mesonOption "sshdconfdir" "no")
498
502
499
503
# Features