sshd: Don't remove symlinks to host key files

If a host key file is a symlink pointing to an as of yet non-existent file, we don't want to remove it, but instead follow the symlink and create the file at that location. See https://github.com/nix-community/impermanence/issues/101 for more information on the issue the original behavior creates.
2022-07-21 19:15:04 +02:00 · 2022-07-21 19:15:04 +02:00 · ddf8182d5b
parent 79870e6ab6
commit ddf8182d5b
1 changed files with 3 additions and 1 deletions
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@ -442,7 +442,9 @@ in

                ${flip concatMapStrings cfg.hostKeys (k: ''
                  if ! [ -s "${k.path}" ]; then
-                      rm -f "${k.path}"
+                      if ! [ -h "${k.path}" ]; then
+                          rm -f "${k.path}"
+                      fi
                      ssh-keygen \
                        -t "${k.type}" \
                        ${if k ? bits then "-b ${toString k.bits}" else ""} \