diff --git a/lib/make-sysext.nix b/lib/make-sysext.nix
index ae1e763..d4f158e 100644
--- a/lib/make-sysext.nix
+++ b/lib/make-sysext.nix
@@ -43,6 +43,7 @@ runCommand name
 nativeBuildInputs = [
 pkgs.erofs-utils
 pkgs.cryptsetup
+ pkgs.gawk
 pkgs.jq
 ];
@@ -101,10 +102,26 @@ runCommand name
 local unit="$1"
 local content="$2"
- mkdir -p $out/tree/usr/lib/systemd/system/multi-user.target.wants/
- echo "$content" > $out/tree/usr/lib/systemd/system/$unit
- # enable in multi-user.target
- ln -s ../$unit $out/tree/usr/lib/systemd/system/multi-user.target.wants/$unit
+ local unit_file="$out/tree/usr/lib/systemd/system/$unit"
+
+ mkdir -p $out/tree/usr/lib/systemd/system
+ echo "$content" > $unit_file
+
+ # look for [Install] section and WantedBy in unit
+ if ! grep -q "^\[Install\]" "$unit_file"; then
+ echo "No [Install] section found in $unit_file"
+ return
+ fi
+
+ local wanted_by=$(sed -n '/^\[Install\]/,/^\[/{/^WantedBy=/s/^WantedBy=//p}' "$unit_file")
+
+ if [ -z "$wanted_by" ]; then
+ echo "No WantedBy found in [Install] section of $unit_file"
+ exit 1
+ fi
+
+ mkdir -p $out/tree/usr/lib/systemd/system/"$wanted_by".wants
+ ln -s ../$unit $out/tree/usr/lib/systemd/system/"$wanted_by".wants/$unit
 }
 mkdir -p $out/tree
diff --git a/pkgs/sysext/debug-tools.nix b/pkgs/sysext/debug-tools.nix
index 7ce0a99..2934c4c 100644
--- a/pkgs/sysext/debug-tools.nix
+++ b/pkgs/sysext/debug-tools.nix
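Review bot: pkgs.gawk is added to nativeBuildInputs, but the shell added in the second hunk of this file calls only grep and sed, so unless an awk invocation exists elsewhere in make-sysext.nix (not visible here) the new input only widens the build closure and can be dropped. If it is needed, a one-line comment beside it naming the consumer, `# gawk: used by <SCRIPT_OR_PHASE>`, would make the dependency auditable.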
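Review bot: The new mkdir/ln lines treat `$wanted_by` as a single target name, but systemd's WantedBy= accepts several space-separated targets and may be repeated, so a unit with `WantedBy=multi-user.target graphical.target` ends up with one directory literally named `multi-user.target graphical.target.wants` and is enabled in neither; the two lines should loop over the words of the value. `local wanted_by=$(sed …)` also masks sed's exit status behind `local`, which is worth splitting into `local wanted_by` and `wanted_by=$(sed …)`. The two diagnostic `echo` calls go to stdout rather than stderr, and the function body shown here begins outside the hunk.
```shell
# WantedBy= may list several targets (space-separated or on repeated lines);
# create one .wants symlink per target rather than one directory named after the whole value.
for target in $wanted_by; do
  mkdir -p "$out/tree/usr/lib/systemd/system/$target.wants"
  ln -s "../$unit" "$out/tree/usr/lib/systemd/system/$target.wants/$unit"
done
```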
@@ -51,27 +51,57 @@ pkgs.callPackage ../../lib/make-sysext.nix {
 services = [
 {
- unit = "dropbear.service";
+ unit = "dropbear.socket";
 content = ''
 [Unit]
- Description=Dropbear SSH server
- After=network.target
- Wants=network.target
+ Conflicts=dropbear.service
- [Service]
- Type=forking
- ExecStartPre=/bin/mkdir -p /run/dropbear
- ExecStartPre=/bin/sh -c "if [ ! -f /run/dropbear/dropbear_rsa_host_key ]; then /usr/bin/dropbearkey -t rsa -f /run/dropbear/dropbear_rsa_host_key -s 2048; fi"
- ExecStart=/usr/bin/dropbear -p 22 -r /run/dropbear/dropbear_rsa_host_key
- ExecReload=/bin/kill -HUP $MAINPID
- KillMode=process
- Restart=on-failure
- RestartSec=5s
+ [Socket]
+ ListenStream=22
+ Accept=yes
 [Install]
- WantedBy=multi-user.target
+ WantedBy=sockets.target
+ Also=dropbearkey.service
 '';
 }
+
+ {
+ unit = "dropbear@.service";
+ content = ''
+ [Unit]
+ Description=SSH Per-Connection Server
+ Wants=dropbearkey.service
+ After=network.target dropbearkey.service
+
+ [Service]
+ Environment="DROPBEAR_RSAKEY_DIR=/var/lib/dropbear"
+ ExecStart=-/usr/bin/dropbear -i -r ''${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
+ ExecReload=/usr/bin/kill -HUP $MAINPID
+ StandardInput=socket
+ KillMode=process
+ '';
+ }
+
+ {
+ unit = "dropbearkey.service";
+ content = ''
+ [Unit]
+ Description=SSH Key Generation
+ RequiresMountsFor=/var /var/lib
+ ConditionPathExists=!/var/lib/dropbear/dropbear_rsa_host_key
+
+ [Service]
+ Type=oneshot
+ Environment="DROPBEAR_RSAKEY_DIR=/var/lib/dropbear"
+ Environment="DROPBEAR_RSAKEY_ARGS=-s 2048"
+ ExecStart=/usr/bin/mkdir -p ''${DROPBEAR_RSAKEY_DIR}
+ ExecStart=/usr/bin/dropbearkey -t rsa -f ''${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key ''${DROPBEAR_RSAKEY_ARGS}
+ RemainAfterExit=yes
+ Nice=10
+ '';
+ }
+
 ];
 }
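Review bot: dropbear.socket combines `ListenStream=22` with `Accept=yes` and no connection cap, so every inbound connection spawns its own dropbear@ instance without limit; adding `MaxConnections=` and `MaxConnectionsPerSource=` to the [Socket] section (values to be chosen for the debug use case) bounds the number of server processes a connection flood can create. The `Also=dropbearkey.service` line in [Install] is honoured by systemctl enable, but the build-time enabling in make-sysext.nix in this same diff reads only WantedBy=, so as far as this patch shows the line has no effect; dropbearkey.service is actually pulled in through `Wants=dropbearkey.service` in dropbear@.service, and a short comment on that line saying so would stop someone removing it on the assumption that Also= covers it. The socket unit also drops the `Description=` the old service carried.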