forked from DGNum/liminix
ssh service
- dropbear - generate host keys on first use - mount /dev/pts It's not ideal having the host key disappear when the device is reboot, but without persistent storage the alternative is generating it at build time. Deferring this problem to another time
This commit is contained in:
parent
e1eb4e1fcb
commit
08bed15cf8
3 changed files with 24 additions and 0 deletions
|
@ -17,6 +17,9 @@ shift
|
||||||
|
|
||||||
mount -t proc none /proc
|
mount -t proc none /proc
|
||||||
mount -t sysfs none /sys
|
mount -t sysfs none /sys
|
||||||
|
# s6-linux-init mounts /dev before this script is called
|
||||||
|
mkdir /dev/pts
|
||||||
|
mount -t devpts none /dev/pts
|
||||||
|
|
||||||
mkdir -m 0750 /run/service-state
|
mkdir -m 0750 /run/service-state
|
||||||
chgrp system /run/service-state
|
chgrp system /run/service-state
|
||||||
|
|
|
@ -15,6 +15,15 @@ extraPkgs // {
|
||||||
nettle = null;
|
nettle = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
dropbear = prev.dropbear.overrideAttrs (o: {
|
||||||
|
postPatch = ''
|
||||||
|
(echo '#define DSS_PRIV_FILENAME "/run/dropbear/dropbear_dss_host_key"'
|
||||||
|
echo '#define RSA_PRIV_FILENAME "/run/dropbear/dropbear_rsa_host_key"'
|
||||||
|
echo '#define ECDSA_PRIV_FILENAME "/run/dropbear/dropbear_ecdsa_host_key"'
|
||||||
|
echo '#define ED25519_PRIV_FILENAME "/run/dropbear/dropbear_ed25519_host_key"') > localoptions.h
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
|
||||||
pppBuild = prev.ppp;
|
pppBuild = prev.ppp;
|
||||||
ppp =
|
ppp =
|
||||||
(prev.ppp.override {
|
(prev.ppp.override {
|
||||||
|
|
12
rotuer.nix
12
rotuer.nix
|
@ -18,6 +18,7 @@ let
|
||||||
route;
|
route;
|
||||||
inherit (pkgs.liminix.services) oneshot longrun bundle target;
|
inherit (pkgs.liminix.services) oneshot longrun bundle target;
|
||||||
inherit (pkgs)
|
inherit (pkgs)
|
||||||
|
dropbear
|
||||||
ifwait
|
ifwait
|
||||||
serviceFns;
|
serviceFns;
|
||||||
in rec {
|
in rec {
|
||||||
|
@ -146,11 +147,21 @@ in rec {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.sshd = longrun {
|
||||||
|
name = "sshd";
|
||||||
|
run = ''
|
||||||
|
mkdir -p /run/dropbear
|
||||||
|
${dropbear}/bin/dropbear -E -P /run/dropbear.pid -R -F
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
users.dnsmasq = {
|
users.dnsmasq = {
|
||||||
uid = 51; gid= 51; gecos = "DNS/DHCP service user";
|
uid = 51; gid= 51; gecos = "DNS/DHCP service user";
|
||||||
dir = "/run/dnsmasq";
|
dir = "/run/dnsmasq";
|
||||||
shell = "/bin/false";
|
shell = "/bin/false";
|
||||||
};
|
};
|
||||||
|
users.root.passwd = lib.mkForce secrets.root_password;
|
||||||
|
|
||||||
groups.dnsmasq = {
|
groups.dnsmasq = {
|
||||||
gid = 51; usernames = ["dnsmasq"];
|
gid = 51; usernames = ["dnsmasq"];
|
||||||
};
|
};
|
||||||
|
@ -220,6 +231,7 @@ in rec {
|
||||||
packet_forwarding
|
packet_forwarding
|
||||||
dns
|
dns
|
||||||
resolvconf
|
resolvconf
|
||||||
|
sshd
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
defaultProfile.packages = with pkgs; [ nftables strace tcpdump ] ;
|
defaultProfile.packages = with pkgs; [ nftables strace tcpdump ] ;
|
||||||
|
|
Loading…
Reference in a new issue