nix-community / nix-on-droid

Nix-enabled environment for your Android device. [maintainers=@t184256,@Gerschtli]
https://nix-on-droid.unboiled.info
MIT License

Basic sshd module #156

Closed Gerschtli closed 2 years ago

Gerschtli commented 2 years ago

I was tired of always copy-pasting the instructions from the Wiki to set up sshd, so I built this little config:

```nix
{ config, pkgs, ... }:

let
  sshdTmpDirectory = "${config.user.home}/sshd-tmp";
  sshdDirectory = "${config.user.home}/sshd";
  pathToPubKey = "...";
  port = 8022;
in
{
  # Runs on every activation; only prepares files, it does not start sshd.
  build.activation.sshd = ''
    # authorized_keys is overwritten with the configured public key each time.
    $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh"
    $DRY_RUN_CMD cat ${pathToPubKey} > "${config.user.home}/.ssh/authorized_keys"

    # Host key and sshd_config are created once, in a temporary directory
    # that is moved into place only after both files exist.
    if [[ ! -d "${sshdDirectory}" ]]; then
      $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"
      $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}"

      $VERBOSE_ECHO "Generating host keys..."
      $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N ""

      $VERBOSE_ECHO "Writing sshd_config..."
      $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config"

      $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}"
    fi
  '';

  # Helper command that runs sshd in the foreground with the generated config.
  environment.packages = [
    (pkgs.writeScriptBin "sshd-start" ''
      #!${pkgs.runtimeShell}

      echo "Starting sshd in non-daemonized way on port ${toString port}"
      ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D
    '')
  ];
}
```

It is not really sophisticated and could be improved a lot but maybe it is worth adding that as a module?

Maybe it is just enough to keep it here or put it into the Wiki until we have a solid solution for how to run services in our nix-on-droid environment.

I mainly wanted to share that snippet in case anyone has the same problem :)
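A hardened variant of the snippet in the post above, as an added example that is not from the original thread or the nix-on-droid project. It assumes three changes: the sshd_config is rendered with `pkgs.writeText` so edits take effect on the next activation, an Ed25519 host key replaces the RSA one, and only public-key logins are accepted; `pathToPubKey` stays the same elided placeholder.

```nix
{ config, pkgs, ... }:

let
  sshdDirectory = "${config.user.home}/sshd";
  authorizedKeys = "${config.user.home}/.ssh/authorized_keys";
  pathToPubKey = "...";  # placeholder, as in the post above
  port = 8022;

  # Assumption: config lives in the Nix store, so it is rebuilt whenever
  # the port or any directive changes; only the host key is stateful.
  sshdConfig = pkgs.writeText "sshd_config" ''
    HostKey ${sshdDirectory}/ssh_host_ed25519_key
    Port ${toString port}
    AuthorizedKeysFile ${authorizedKeys}
    PubkeyAuthentication yes
    PasswordAuthentication no
    KbdInteractiveAuthentication no
  '';
in
{
  build.activation.sshd = ''
    # Private directories; --mode only applies to directories created here.
    $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents --mode=700 \
      "${config.user.home}/.ssh" "${sshdDirectory}"

    # install sets the mode explicitly and needs no shell redirection.
    $DRY_RUN_CMD ${pkgs.coreutils}/bin/install $VERBOSE_ARG --mode=600 \
      ${pathToPubKey} "${authorizedKeys}"

    # Generate the host key once and keep it across activations, so
    # clients do not see a changed host key after every rebuild.
    if [[ ! -f "${sshdDirectory}/ssh_host_ed25519_key" ]]; then
      $VERBOSE_ECHO "Generating host key..."
      $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t ed25519 \
        -f "${sshdDirectory}/ssh_host_ed25519_key" -N ""
    fi
  '';

  environment.packages = [
    (pkgs.writeScriptBin "sshd-start" ''
      #!${pkgs.runtimeShell}

      echo "Starting sshd in non-daemonized way on port ${toString port}"
      ${pkgs.openssh}/bin/sshd -f "${sshdConfig}" -D
    '')
  ];
}
```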

t184256 commented 2 years ago

Not to downplay the snippet's usefulness, but I'm afraid it's wiki material. Services starting up on activation is neither what I'd expect as a user nor what I'd want to maintain wrt interface stability and testing.

Gerschtli commented 2 years ago

For the record: This snippet is not starting any service on activation. It is just setting up all files needed for sshd. But I agree, it is Wiki material :)

t184256 commented 2 years ago

Oh, right, sorry.

Gerschtli commented 2 years ago

Added here: https://github.com/t184256/nix-on-droid/wiki/SSH-access