Merge pull request #19635 from nhooyr/sshgen
sshd: separate key generation into another service
commit
20383d2606
|
@ -242,7 +242,7 @@ in
|
|||
|
||||
systemd =
|
||||
let
|
||||
service =
|
||||
sshd-service =
|
||||
{ description = "SSH Daemon";
|
||||
|
||||
wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
|
||||
|
@ -253,16 +253,8 @@ in
|
|||
|
||||
environment.LD_LIBRARY_PATH = nssModulesPath;
|
||||
|
||||
preStart =
|
||||
''
|
||||
mkdir -m 0755 -p /etc/ssh
|
||||
|
||||
${flip concatMapStrings cfg.hostKeys (k: ''
|
||||
if ! [ -f "${k.path}" ]; then
|
||||
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
|
||||
fi
|
||||
'')}
|
||||
'';
|
||||
wants = [ "sshd-keygen.service" ];
|
||||
after = [ "sshd-keygen.service" ];
|
||||
|
||||
serviceConfig =
|
||||
{ ExecStart =
|
||||
|
@ -278,6 +270,26 @@ in
|
|||
PIDFile = "/run/sshd.pid";
|
||||
});
|
||||
};
|
||||
|
||||
sshd-keygen-service =
|
||||
{ description = "SSH Host Key Generation";
|
||||
path = [ cfgc.package ];
|
||||
script =
|
||||
''
|
||||
mkdir -m 0755 -p /etc/ssh
|
||||
${flip concatMapStrings cfg.hostKeys (k: ''
|
||||
if ! [ -f "${k.path}" ]; then
|
||||
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
|
||||
fi
|
||||
'')}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = "yes";
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
if cfg.startWhenNeeded then {
|
||||
|
@ -289,11 +301,13 @@ in
|
|||
socketConfig.Accept = true;
|
||||
};
|
||||
|
||||
services."sshd@" = service;
|
||||
services.sshd-keygen = sshd-keygen-service;
|
||||
services."sshd@" = sshd-service;
|
||||
|
||||
} else {
|
||||
|
||||
services.sshd = service;
|
||||
services.sshd-keygen = sshd-keygen-service;
|
||||
services.sshd = sshd-service;
|
||||
|
||||
};
|
||||
|
||||
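Review bot: The existence test in the new `sshd-keygen-service` script, `if ! [ -f "${k.path}" ]; then`, accepts a zero-length or truncated key file as a valid host key, so a key left empty by an interrupted first boot is never regenerated and sshd is left without that host key. Testing for a non-empty file and clearing the stub first would cover it: `if ! [ -s "${k.path}" ]; then rm -f "${k.path}"; ssh-keygen …; fi`. Separately, `sshd-service` pulls the new unit in with `wants`, so a failed key generation no longer stops sshd from being started the way a failing `preStart` did; if strict ordering is intended, `requires = [ "sshd-keygen.service" ];` alongside the existing `after` would restore it. A short comment on `RemainAfterExit = "yes";` noting that it keeps the oneshot active, so later `sshd@` instances under `startWhenNeeded` presumably do not re-run the script, would help the next reader.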
|
|