use mkstate for dropbear keys

This commit is contained in:
Daniel Barlow 2024-02-13 22:12:26 +00:00
parent 2b22c7aa91
commit ffe0e9d26b
2 changed files with 9 additions and 14 deletions

14
NEWS
View file

@ -60,13 +60,11 @@ these changes have been made
(if there's a writeable fs on /persist) or a directory (if there
isn't)
The `output` and `mkoutputs` functions defined by ${serviceFns}
have been updated, so unless your services are hardcoding service-state
then the change should be seamless
The change will lose your ssh host key(s) unless you copy them from
the old location to the new one before rebooting into the new system
mkdir -m 02751 -p /run/services/state/dropbear
cp /persist/secrets/dropbear/* /run/services/state/dropbear
21:02:51 GMT 2024
The `output`, `mkoutputs` functions defined by ${serviceFns}
have been updated for the new location.

View file

@ -29,15 +29,12 @@ let
in
longrun {
name = "sshd";
# we need /run/dropbear to point to hostkey storage, as that
# pathname is hardcoded into the binary.
# env -i clears the environment so we don't pass anything weird to
# ssh sessions
run = ''
if test -d /persist; then
mkdir -p /persist/secrets/dropbear
ln -s /persist/secrets/dropbear /run
else
mkdir -p /run/dropbear
fi
ln -s $(mkstate dropbear) /run
. /etc/profile # sets PATH but do we need this? it's the same file as ashrc
exec env -i ENV=/etc/ashrc PATH=$PATH ${dropbear}/bin/dropbear ${concatStringsSep " " options}
'';