From 4e79b0b0751e84c845da8ed4062a501a48335dc1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 31 Mar 2017 16:05:35 +0200 Subject: [PATCH] Revert "sshd: separate key generation into another service" This reverts commit 1a74eedd074fac69d12cecb767dc207a4bfea1bb. It breaks NixOps, which expects that rm -f /etc/ssh/ssh_host_ed25519_key* systemctl restart sshd cat /etc/ssh/ssh_host_ed25519_key.pub works. --- .../modules/services/networking/ssh/sshd.nix | 40 ++++++------------- 1 file changed, 13 insertions(+), 27 deletions(-) diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 80659f19c597..7e43ab98674a 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -240,7 +240,7 @@ in systemd = let - sshd-service = + service = { description = "SSH Daemon"; wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target"; @@ -251,8 +251,16 @@ in environment.LD_LIBRARY_PATH = nssModulesPath; - wants = [ "sshd-keygen.service" ]; - after = [ "sshd-keygen.service" ]; + preStart = + '' + mkdir -m 0755 -p /etc/ssh + + ${flip concatMapStrings cfg.hostKeys (k: '' + if ! [ -f "${k.path}" ]; then + ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N "" + fi + '')} + ''; serviceConfig = { ExecStart = @@ -267,26 +275,6 @@ in Type = "simple"; }); }; - - sshd-keygen-service = - { description = "SSH Host Key Generation"; - path = [ cfgc.package ]; - script = - '' - mkdir -m 0755 -p /etc/ssh - ${flip concatMapStrings cfg.hostKeys (k: '' - if ! [ -f "${k.path}" ]; then - ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N "" - fi - '')} - ''; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = "yes"; - }; - }; - in if cfg.startWhenNeeded then { 
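Review bot: The guard `if ! [ -f "${k.path}" ]` in the new preStart only tests that the file exists, so a zero-length or truncated host key left by an interrupted ssh-keygen run is treated as present and never regenerated. Testing for a non-empty file with `if ! [ -s "${k.path}" ]; then`, and adding `rm -f "${k.path}"` before the ssh-keygen call, would let the unit recover from that state. The script also creates only /etc/ssh, so a `hostKeys` entry whose path lies in another directory presumably relies on that directory already existing. The `service` attribute set starts and ends outside this hunk.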
@@ -298,13 +286,11 @@ in socketConfig.Accept = true; }; - services.sshd-keygen = sshd-keygen-service; - services."sshd@" = sshd-service; + services."sshd@" = service; } else { - services.sshd-keygen = sshd-keygen-service; - services.sshd = sshd-service; + services.sshd = service; };
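Review bot: Assigning the same `service` set to `services."sshd@"` means the key-generation preStart added earlier in this patch now runs for each socket-activated instance, presumably once per connection given `socketConfig.Accept = true`. Nothing visible serializes those runs, so two first connections arriving together could both invoke ssh-keygen on the same `k.path`. A comment on this branch would make the trade-off explicit, for example `# preStart (host key generation) runs per sshd@ instance and is not serialized`. The `if cfg.startWhenNeeded` expression begins before this hunk.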