sshd: separate key generation into another service

Fixes #19589
Anmol Sethi 2016-10-20 23:12:21 -04:00
parent ed5d146e9d
commit 1a74eedd07


@ -242,7 +242,7 @@ in
systemd =
let
service =
sshd-service =
{ description = "SSH Daemon";
wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
@ -253,16 +253,8 @@ in
environment.LD_LIBRARY_PATH = nssModulesPath;
preStart =
''
mkdir -m 0755 -p /etc/ssh
${flip concatMapStrings cfg.hostKeys (k: ''
if ! [ -f "${k.path}" ]; then
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
fi
'')}
'';
wants = [ "sshd-keygen.service" ];
after = [ "sshd-keygen.service" ];
serviceConfig =
{ ExecStart =
@ -278,6 +270,26 @@ in
PIDFile = "/run/sshd.pid";
});
};
sshd-keygen-service =
{ description = "SSH Host Key Generation";
path = [ cfgc.package ];
script =
''
mkdir -m 0755 -p /etc/ssh
${flip concatMapStrings cfg.hostKeys (k: ''
if ! [ -f "${k.path}" ]; then
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
fi
'')}
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
};
in
if cfg.startWhenNeeded then {
@ -289,11 +301,13 @@ in
socketConfig.Accept = true;
};
services."sshd@" = service;
services.sshd-keygen = sshd-keygen-service;
services."sshd@" = sshd-service;
} else {
services.sshd = service;
services.sshd-keygen = sshd-keygen-service;
services.sshd = sshd-service;
};
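Review bot: In sshd-service the new dependency on sshd-keygen.service is declared with `wants` plus `after`, which orders the two units but does not make sshd depend on the key generation succeeding. If the keygen script fails (for example because /etc/ssh is not writable), systemd will still start sshd, whereas the removed `preStart` would have failed the sshd unit itself. sshd would then presumably run with whichever host keys already exist, or exit with a less direct error if none do. If a failed generation should block the daemon, use `requires = [ "sshd-keygen.service" ];` alongside the existing `after`; if starting anyway is intended, a short comment above `wants` saying so would help. The rest of sshd-service's `serviceConfig` lies outside the lines shown.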