parent
d5fb0de315
commit
a7bfb1509b
2 changed files with 65 additions and 18 deletions
|
@ -43,6 +43,7 @@ runCommand name
|
|||
nativeBuildInputs = [
|
||||
pkgs.erofs-utils
|
||||
pkgs.cryptsetup
|
||||
pkgs.gawk
|
||||
pkgs.jq
|
||||
];
|
||||
|
||||
|
@ -101,10 +102,26 @@ runCommand name
|
|||
local unit="$1"
|
||||
local content="$2"
|
||||
|
||||
mkdir -p $out/tree/usr/lib/systemd/system/multi-user.target.wants/
|
||||
echo "$content" > $out/tree/usr/lib/systemd/system/$unit
|
||||
# enable in multi-user.target
|
||||
ln -s ../$unit $out/tree/usr/lib/systemd/system/multi-user.target.wants/$unit
|
||||
local unit_file="$out/tree/usr/lib/systemd/system/$unit"
|
||||
|
||||
mkdir -p $out/tree/usr/lib/systemd/system
|
||||
echo "$content" > $unit_file
|
||||
|
||||
# look for [Install] section and WantedBy in unit
|
||||
if ! grep -q "^\[Install\]" "$unit_file"; then
|
||||
echo "No [Install] section found in $unit_file"
|
||||
return
|
||||
fi
|
||||
|
||||
local wanted_by=$(sed -n '/^\[Install\]/,/^\[/{/^WantedBy=/s/^WantedBy=//p}' "$unit_file")
|
||||
|
||||
if [ -z "$wanted_by" ]; then
|
||||
echo "No WantedBy found in [Install] section of $unit_file"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir -p $out/tree/usr/lib/systemd/system/"$wanted_by".wants
|
||||
ln -s ../$unit $out/tree/usr/lib/systemd/system/"$wanted_by".wants/$unit
|
||||
}
|
||||
|
||||
mkdir -p $out/tree
|
||||
|
|
|
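Review bot: The value read into `wanted_by` is used as a single path component in the final `mkdir -p`/`ln -s` pair, but systemd accepts several `WantedBy=` lines and space-separated lists. A unit written that way gets one `.wants` directory with a space or newline in its name and is not enabled under any target. Iterating over the targets fixes that, and because the text comes from unit content and ends up in a path under `$out`, names containing `/` or starting with `.` should be rejected. `local wanted_by=$(sed …)` also discards sed's exit status, and `$out`, `$unit` and `$unit_file` are expanded unquoted throughout. The function begins above the hunk, so the fence shows only the rewritten lines.

```nix
# … unchanged: write $unit_file, return early when there is no [Install] section …
local wanted_by
wanted_by=$(sed -n '/^\[Install\]/,/^\[/{/^WantedBy=/s/^WantedBy=//p}' "$unit_file")
# … unchanged: exit 1 when wanted_by is empty …
local target
for target in $wanted_by; do
  case "$target" in
    */* | .*) echo "Refusing WantedBy target '$target' in $unit_file" >&2; exit 1 ;;
  esac
  mkdir -p "$out/tree/usr/lib/systemd/system/$target.wants"
  ln -s "../$unit" "$out/tree/usr/lib/systemd/system/$target.wants/$unit"
done
```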
@ -51,27 +51,57 @@ pkgs.callPackage ../../lib/make-sysext.nix {
|
|||
|
||||
services = [
|
||||
{
|
||||
unit = "dropbear.service";
|
||||
unit = "dropbear.socket";
|
||||
content = ''
|
||||
[Unit]
|
||||
Description=Dropbear SSH server
|
||||
After=network.target
|
||||
Wants=network.target
|
||||
Conflicts=dropbear.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStartPre=/bin/mkdir -p /run/dropbear
|
||||
ExecStartPre=/bin/sh -c "if [ ! -f /run/dropbear/dropbear_rsa_host_key ]; then /usr/bin/dropbearkey -t rsa -f /run/dropbear/dropbear_rsa_host_key -s 2048; fi"
|
||||
ExecStart=/usr/bin/dropbear -p 22 -r /run/dropbear/dropbear_rsa_host_key
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
[Socket]
|
||||
ListenStream=22
|
||||
Accept=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=sockets.target
|
||||
Also=dropbearkey.service
|
||||
'';
|
||||
}
|
||||
|
||||
{
|
||||
unit = "dropbear@.service";
|
||||
content = ''
|
||||
[Unit]
|
||||
Description=SSH Per-Connection Server
|
||||
Wants=dropbearkey.service
|
||||
After=network.target dropbearkey.service
|
||||
|
||||
[Service]
|
||||
Environment="DROPBEAR_RSAKEY_DIR=/var/lib/dropbear"
|
||||
ExecStart=-/usr/bin/dropbear -i -r ''${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
|
||||
ExecReload=/usr/bin/kill -HUP $MAINPID
|
||||
StandardInput=socket
|
||||
KillMode=process
|
||||
'';
|
||||
}
|
||||
|
||||
{
|
||||
unit = "dropbearkey.service";
|
||||
content = ''
|
||||
[Unit]
|
||||
Description=SSH Key Generation
|
||||
RequiresMountsFor=/var /var/lib
|
||||
ConditionPathExists=!/var/lib/dropbear/dropbear_rsa_host_key
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment="DROPBEAR_RSAKEY_DIR=/var/lib/dropbear"
|
||||
Environment="DROPBEAR_RSAKEY_ARGS=-s 2048"
|
||||
ExecStart=/usr/bin/mkdir -p ''${DROPBEAR_RSAKEY_DIR}
|
||||
ExecStart=/usr/bin/dropbearkey -t rsa -f ''${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key ''${DROPBEAR_RSAKEY_ARGS}
|
||||
RemainAfterExit=yes
|
||||
Nice=10
|
||||
'';
|
||||
}
|
||||
|
||||
];
|
||||
|
||||
}
|
||||
|
|
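Review bot: `dropbearkey.service` creates the host-key directory with `ExecStart=/usr/bin/mkdir -p`, so the mode of `/var/lib/dropbear` is left to the service's umask; `StateDirectory=dropbear` with `StateDirectoryMode=0700` would have systemd create it with a fixed mode and replace that line. The only host key is 2048-bit RSA; if the packaged Dropbear supports it, generating an Ed25519 key as well (`dropbearkey -t ed25519`) and passing it with a second `-r` is worth considering. `Also=dropbearkey.service` in `dropbear.socket` appears to have no effect, since the unit-install helper changed in this commit only acts on `WantedBy=`. Key generation therefore depends on `Wants=dropbearkey.service` in `dropbear@.service`, and with `ExecStart=-` a failed key generation would not surface as a unit failure. With `Accept=yes` on port 22, setting `MaxConnectionsPerSource=` in `[Socket]` would bound how many per-connection services one client can spawn.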