lbailly/liminix
1
0
Fork 0
forked from DGNum/liminix
Code Pull requests 2 Activity Actions

use mkstate for dropbear keys

Browse source
This commit is contained in:
Daniel Barlow 2024-02-13 22:12:26 +00:00
parent 2b22c7aa91
commit ffe0e9d26b
2 changed files with 9 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
NEWS
View file

@ -60,13 +60,11 @@ these changes have been made
(if there's a writeable fs on /persist) or a directory (if there (if there's a writeable fs on /persist) or a directory (if there
isn't) isn't)
The `output` and `mkoutputs` functions defined by ${serviceFns} The change will lose your ssh host key(s) unless you copy them from
have been updated, so unless your services are hardcoding service-state the old location to the new one before rebooting into the new system
then the change should be seamless
mkdir -m 02751 -p /run/services/state/dropbear
cp /persist/secrets/dropbear/* /run/services/state/dropbear
The `output`, `mkoutputs` functions defined by ${serviceFns}
have been updated for the new location.
21:02:51 GMT 2024

9
modules/ssh/ssh.nix
View file

@ -29,15 +29,12 @@ let
in in
longrun { longrun {
name = "sshd"; name = "sshd";
# we need /run/dropbear to point to hostkey storage, as that
# pathname is hardcoded into the binary.
# env -i clears the environment so we don't pass anything weird to # env -i clears the environment so we don't pass anything weird to
# ssh sessions # ssh sessions
run = '' run = ''
if test -d /persist; then ln -s $(mkstate dropbear) /run
mkdir -p /persist/secrets/dropbear
ln -s /persist/secrets/dropbear /run
else
mkdir -p /run/dropbear
fi
. /etc/profile # sets PATH but do we need this? it's the same file as ashrc . /etc/profile # sets PATH but do we need this? it's the same file as ashrc
exec env -i ENV=/etc/ashrc PATH=$PATH ${dropbear}/bin/dropbear ${concatStringsSep " " options} exec env -i ENV=/etc/ashrc PATH=$PATH ${dropbear}/bin/dropbear ${concatStringsSep " " options}
''; '';