diff --git a/overlay/etc/fstab b/overlay/etc/fstab
index 001082f..1d8992a 100644
--- a/overlay/etc/fstab
+++ b/overlay/etc/fstab
@@ -1,3 +1 @@
 PARTLABEL=dch-data /var btrfs subvol=var,nosuid,noexec,nodev 0 2
-PARTLABEL=dch-data /run/etc btrfs subvol=etc,nosuid,noexec,nodev 0 0
-overlay /etc/ssh overlay lowerdir=/etc/ssh,upperdir=/run/etc/rw/ssh,workdir=/run/etc/.work,x-systemd.requires=run-etc.mount 0 0
diff --git a/overlay/etc/ssh/sshd_config b/overlay/etc/ssh/sshd_config
new file mode 100644
index 0000000..9e377dc
--- /dev/null
+++ b/overlay/etc/ssh/sshd_config
@@ -0,0 +1,16 @@
+PasswordAuthentication no
+
+UsePAM yes
+PrintMotd no
+PrintLastLog no
+
+Subsystem sftp /usr/lib64/misc/sftp-server
+
+AcceptEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
+AcceptEnv COLORTERM
+
+HostKey /var/lib/ssh/ssh_host_rsa_key
+HostKey /var/lib/ssh/ssh_host_ecdsa_key
+HostKey /var/lib/ssh/ssh_host_ed25519_key
+
+Include /etc/ssh/sshd_config.d/*.conf
diff --git a/overlay/usr/lib/systemd/system-preset/80-local-default.preset b/overlay/usr/lib/systemd/system-preset/80-local-default.preset
index 73e8dcc..b7e7ea9 100644
--- a/overlay/usr/lib/systemd/system-preset/80-local-default.preset
+++ b/overlay/usr/lib/systemd/system-preset/80-local-default.preset
@@ -14,4 +14,4 @@ enable systemd-networkd.socket disable getty@.service enable sshd.socket -enable ssh-keygen.service +enable ssh-keygen.target
diff --git a/overlay/usr/lib/systemd/system/ssh-keygen.service b/overlay/usr/lib/systemd/system/ssh-keygen.service
deleted file mode 100644
index 5072ac1..0000000
--- a/overlay/usr/lib/systemd/system/ssh-keygen.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Generate SSH host keys
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/ssh-keygen -A
-
-[Install]
-WantedBy=sshd@.service
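Review bot: In overlay/etc/ssh/sshd_config, `PasswordAuthentication no` combined with `UsePAM yes` does not by itself rule out password prompts, because keyboard-interactive authentication goes through PAM and is not set anywhere in this file, so it keeps whatever the build default or a drop-in gives it. If key-only login is the intent, add `KbdInteractiveAuthentication no` beside it (older OpenSSH releases spell this `ChallengeResponseAuthentication no`). Also note that sshd keeps the first value it reads for each keyword, so with `Include /etc/ssh/sshd_config.d/*.conf` on the last line, drop-ins can only set keywords this file leaves unset. If that is deliberate, a comment such as `# Included last on purpose: drop-ins cannot override the settings above` would record it.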
diff --git a/overlay/usr/lib/systemd/system/ssh-keygen.target b/overlay/usr/lib/systemd/system/ssh-keygen.target
new file mode 100644
index 0000000..09372b4
--- /dev/null
+++ b/overlay/usr/lib/systemd/system/ssh-keygen.target
@@ -0,0 +1,7 @@
+[Unit]
+Wants=ssh-keygen@rsa.service
+Wants=ssh-keygen@ecdsa.service
+Wants=ssh-keygen@ed25519.service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/overlay/usr/lib/systemd/system/ssh-keygen@.service b/overlay/usr/lib/systemd/system/ssh-keygen@.service
new file mode 100644
index 0000000..0da6894
--- /dev/null
+++ b/overlay/usr/lib/systemd/system/ssh-keygen@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Generate SSH %I host key
+ConditionPathExists=!%S/ssh/ssh_host_%I_key
+
+[Service]
+Type=oneshot
+StateDirectory=ssh
+ExecStart=/usr/bin/ssh-keygen -t %I -f %S/ssh/ssh_host_%I_key -N ''
+
+[Install]
+WantedBy=sshd-keygen.target
diff --git a/overlay/usr/lib/systemd/system/sshd@.service.d/after-keygen.conf b/overlay/usr/lib/systemd/system/sshd@.service.d/after-keygen.conf
deleted file mode 100644
index 103820c..0000000
--- a/overlay/usr/lib/systemd/system/sshd@.service.d/after-keygen.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Unit]
-After=ssh-keygen.service
diff --git a/overlay/usr/libexec/init-storage b/overlay/usr/libexec/init-storage
index dd971e1..be18b33 100755
--- a/overlay/usr/libexec/init-storage
+++ b/overlay/usr/libexec/init-storage
@@ -26,9 +26,6 @@ format_dev() { mkfs.btrfs "${dev}" || exit mount "${dev}" "${tmpdir}" || exit - btrfs subvolume create "${tmpdir}"/etc || exit - mkdir -p "${tmpdir}"/etc/.work "${tmpdir}"/etc/rw || exit - mkdir -p "${tmpdir}"/etc/rw/ssh btrfs subvolume create "${tmpdir}"/var || exit btrfs subvolume create "${tmpdir}"/var/log || exit umount "${dev}" || exit
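Review bot: Nothing in this change orders sshd after host-key generation any more: the deleted `sshd@.service.d/after-keygen.conf` carried `After=ssh-keygen.service`, while the new `ssh-keygen.target` is only pulled in by `multi-user.target`. Because the preset enables `sshd.socket`, a connection arriving before the three `ssh-keygen@` instances finish would presumably start an `sshd@` instance with no host keys under `/var/lib/ssh` (sshd@.service is not shown here, so this needs confirming). Consider keeping a drop-in for `sshd@.service` with `Wants=ssh-keygen.target` and `After=ssh-keygen.target`. A `Description=` line in `[Unit]` would also make the target readable in `systemctl` output.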
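Review bot: `WantedBy=sshd-keygen.target` in the `[Install]` section of ssh-keygen@.service names a unit this commit does not create; the target added alongside it is `ssh-keygen.target`. As far as this diff shows, enabling an instance would link it under a target that does not exist, so use `WantedBy=ssh-keygen.target`, or drop `[Install]` since the target already lists the three instances with `Wants=`. Separately, `ConditionPathExists=!%S/ssh/ssh_host_%I_key` tests only for the private key file, so a missing or damaged `.pub` is never regenerated. `%I` also goes unvalidated into `-t` and the key path, so a comment that instance names must be key types (`rsa`, `ecdsa`, `ed25519`) would help the next maintainer.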