Make sure .ssh exists before trying to copy authorized_keys into it

2022-03-06 02:14:26 +01:00 · 2022-03-06 02:14:26 +01:00 · 9d5e943468
commit 9d5e943468
parent ed11652607
2 changed files with 16 additions and 4 deletions
--- a/modules/base/sshd/default.nix
+++ b/modules/base/sshd/default.nix
@ -1,7 +1,10 @@
 { config, lib, ... }:

 {
-  chvp.base.zfs.ensureExists = [ "${config.chvp.dataPrefix}/etc/ssh" ];
+  chvp.base.zfs = {
+    ensureSystemExists = [ "${config.chvp.dataPrefix}/etc/ssh" ];
+    ensureHomeExists = [ ".ssh" ];
+  };
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
--- a/modules/base/zfs/default.nix
+++ b/modules/base/zfs/default.nix
@ -20,10 +20,14 @@
        { path = ".cache/nix-index"; type = "cache"; }
      ];
    };
-    ensureExists = lib.mkOption {
+    ensureSystemExists = lib.mkOption {
      default = [ ];
      example = [ "/data/etc/ssh" ];
    };
+    ensureHomeExists = lib.mkOption {
+      default = [ ];
+      example = [ ".ssh" ];
+    };
    backups = lib.mkOption {
      default = [ ];
      example = [{
@ -87,14 +91,16 @@

    systemd.services =
      let
-        ensureExistsScript = lib.concatStringsSep "\n" (map (path: "mkdir -p ${path}") config.chvp.base.zfs.ensureExists);
        makeLinkScript = config: lib.concatStringsSep "\n" (map (location: ''mkdir -p "${location.path}"'') config);
+        ensureSystemExistsScript = lib.concatStringsSep "\n" (map (path: ''mkdir -p "${path}"'') config.chvp.base.zfs.ensureSystemExists);
        systemLinksScript = makeLinkScript config.chvp.base.zfs.systemLinks;
+        ensureHomeExistsScript = lib.concatStringsSep "\n" (map (path: ''mkdir -p "${path}"'') config.chvp.base.zfs.ensureHomeExists);
        homeLinksScript = makeLinkScript config.chvp.base.zfs.homeLinks;
      in
      {
        make-system-links-destinations = {
          script = ''
+            ${ensureSystemExistsScript}
            ${systemLinksScript}
            mkdir -p /home/charlotte
            chown charlotte:users /home/charlotte
@ -115,7 +121,10 @@
        };

        make-home-links-destinations = {
-          script = homeLinksScript;
+          script = ''
+            ${ensureHomeExistsScript}
+            ${homeLinksScript}
+          '';
          after = [ "local-fs.target" "make-system-links-destinations.service" ];
          wants = [ "local-fs.target" "make-system-links-destinations.service" ];
          before = [ "shutdown.target" "sysinit.target" ];