3
0
Fork 0
forked from mirrors/nixpkgs

Merge pull request #19635 from nhooyr/sshgen

sshd: separate key generation into another service
This commit is contained in:
Jörg Thalheim 2016-10-21 23:40:16 +02:00 committed by GitHub
commit 20383d2606

View file

@ -242,7 +242,7 @@ in
systemd =
let
service =
sshd-service =
{ description = "SSH Daemon";
wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
@ -253,16 +253,8 @@ in
environment.LD_LIBRARY_PATH = nssModulesPath;
preStart =
''
mkdir -m 0755 -p /etc/ssh
${flip concatMapStrings cfg.hostKeys (k: ''
if ! [ -f "${k.path}" ]; then
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
fi
'')}
'';
wants = [ "sshd-keygen.service" ];
after = [ "sshd-keygen.service" ];
serviceConfig =
{ ExecStart =
@ -278,6 +270,26 @@ in
PIDFile = "/run/sshd.pid";
});
};
sshd-keygen-service =
{ description = "SSH Host Key Generation";
path = [ cfgc.package ];
script =
''
mkdir -m 0755 -p /etc/ssh
${flip concatMapStrings cfg.hostKeys (k: ''
if ! [ -f "${k.path}" ]; then
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
fi
'')}
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
};
in
if cfg.startWhenNeeded then {
@ -289,11 +301,13 @@ in
socketConfig.Accept = true;
};
services."sshd@" = service;
services.sshd-keygen = sshd-keygen-service;
services."sshd@" = sshd-service;
} else {
services.sshd = service;
services.sshd-keygen = sshd-keygen-service;
services.sshd = sshd-service;
};