Using a systemd generator to automatically enable
*fetch-sshkeys@.service* unit instances allows multiple users' keys to
be specified on the kernel command line, without explicitly enabling
the corresponding units.
Instead of parsing the kernel command line to find the destination(s)
where syslog messages should be forwarded, we can use a *dhcpcd* hook to
get them from the DHCP lease.
By default, *dhcpcd* generates a "complete" `chrony.conf` file using the
NTP servers specified in the DHCP lease, and then restarts the Chrony
daemon. This is unnecessary, as *chrony* can reload its list of
sources without restarting, and also problematic in our case. For one
thing, *dhcpcd* tries to write to `/etc/chrony.conf` directly, which is
obviously impossible when the root filesystem is immutable.
Fortunately, it is flexible enough to be configured to leave
`/etc/chrony.conf` alone and generate a different file and then tell
*chrony* to reread it.
The *chrony-wait.service* unit introduces a delay into the system
startup that allows follow-up units to wait until the system time is
confirmed correct. The unit file itself was derived from the one
included in the *chrony* package for Fedora.
Instead of manually managing symlinks to enable units, we can define a
system preset that lists which units we want disabled. Units that have
in `Install` section are automatically enabled.
Dustin