ssh service

- dropbear
- generate host keys on first use
- mount /dev/pts

It's not ideal having the host key disappear when the device is
reboot, but without persistent storage the alternative is generating
it at build time. Deferring this problem to another time

modules/s6/scripts/rc.init

@@ -17,6 +17,9 @@ shift
 
 mount -t proc none /proc
 mount -t sysfs none /sys
+# s6-linux-init mounts /dev before this script is called
+mkdir /dev/pts
+mount -t devpts none /dev/pts
 
 mkdir -m 0750 /run/service-state
 chgrp system /run/service-state

overlay.nix

@@ -15,6 +15,15 @@ extraPkgs // {
       nettle = null;
     };
 
+  dropbear = prev.dropbear.overrideAttrs (o: {
+    postPatch = ''
+     (echo '#define DSS_PRIV_FILENAME "/run/dropbear/dropbear_dss_host_key"'
+      echo '#define RSA_PRIV_FILENAME "/run/dropbear/dropbear_rsa_host_key"'
+      echo '#define ECDSA_PRIV_FILENAME "/run/dropbear/dropbear_ecdsa_host_key"'
+      echo '#define ED25519_PRIV_FILENAME "/run/dropbear/dropbear_ed25519_host_key"') > localoptions.h
+    '';
+  });
+
   pppBuild = prev.ppp;
   ppp =
     (prev.ppp.override {

rotuer.nix

@@ -18,6 +18,7 @@ let
     route;
   inherit (pkgs.liminix.services) oneshot longrun bundle target;
   inherit (pkgs)
+    dropbear
     ifwait
     serviceFns;
 in rec {
@@ -146,11 +147,21 @@ in rec {
       ];
     };
 
+  services.sshd = longrun {
+    name = "sshd";
+    run = ''
+      mkdir -p /run/dropbear
+      ${dropbear}/bin/dropbear -E -P /run/dropbear.pid -R -F
+    '';
+  };
+
   users.dnsmasq = {
     uid = 51; gid= 51; gecos = "DNS/DHCP service user";
     dir = "/run/dnsmasq";
     shell = "/bin/false";
   };
+  users.root.passwd = lib.mkForce secrets.root_password;
+
   groups.dnsmasq = {
     gid = 51; usernames = ["dnsmasq"];
   };
@@ -220,6 +231,7 @@ in rec {
       packet_forwarding
       dns
       resolvconf
+      sshd
     ];
   };
   defaultProfile.packages = with pkgs;  [ nftables strace tcpdump ] ;