diff options
| author | Alejandro Soto <alejandro@34project.org> | 2025-08-03 11:30:44 -0600 |
|---|---|---|
| committer | Alejandro Soto <alejandro@34project.org> | 2025-08-03 13:19:13 -0600 |
| commit | 84488b99a9f3fe88007fed803160204740b00e8e (patch) | |
| tree | 97ab3ec5103687eb37285bdd69f17d7e0cba5232 /sys | |
| parent | 2a1246a75e438d93da8d53715069c9b6f24ab649 (diff) | |
sys/[lustrated]: enable sshd-ula for remote login
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/auth/openssh.nix | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/sys/auth/openssh.nix b/sys/auth/openssh.nix index ca32979..07e6977 100644 --- a/sys/auth/openssh.nix +++ b/sys/auth/openssh.nix @@ -144,10 +144,16 @@ in }; systemd.sockets = mkIf (restrict != null && restrict.vsockCid != null) { - sshd = { - after = [ "nixvirt.service" ]; - socketConfig.ListenStream = mkForce [ "vsock:${toString restrict.vsockCid}:${toString port}" ]; - }; + sshd = + let + kernelMod = "modprobe@${if restrict.vsockCid == 2 then "vhost_" else ""}vsock.service"; + in + { + after = [ kernelMod ]; + wants = [ kernelMod ]; + + socketConfig.ListenStream = mkForce [ "vsock:${toString restrict.vsockCid}:${toString port}" ]; + }; }; users.users = { |