From d9ac3ba30b6fcf2996e015bc5c0ecef3f0295fcf Mon Sep 17 00:00:00 2001
From: talyz
Date: Thu, 18 Sep 2025 15:33:06 +0200
Subject: [PATCH] nixos/ec2-data: sshd.service -> sshd-keygen.service
SSH key generation was split out into its own systemd service in https://github.com/NixOS/nixpkgs/pull/372979, but dependent service definitions weren't updated. The `apply-ec2-data` service needs to run before SSH key generation, as it fetches host keys defined in ec2 user data and these keys should take priority over generating new ones. Currently, the ordering doesn't specify which should run first of `apply-ec2-data` and `sshd-keygen`; in practice it seems that `sshd-keygen` often wins the race, though. Update the dependencies so that `apply-ec2-data` always runs first.
---
 nixos/modules/virtualisation/ec2-data.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/nixos/modules/virtualisation/ec2-data.nix b/nixos/modules/virtualisation/ec2-data.nix
index 0e71bde0a452..f1b3dfe1bbad 100644
--- a/nixos/modules/virtualisation/ec2-data.nix
+++ b/nixos/modules/virtualisation/ec2-data.nix
@@ -23,9 +23,9 @@ with lib;
 wantedBy = [
 "multi-user.target"
- "sshd.service"
+ "sshd-keygen.service"
 ];
- before = [ "sshd.service" ];
+ before = [ "sshd-keygen.service" ];
 after = [ "fetch-ec2-metadata.service" ];
 path = [ pkgs.iproute2 ];
@@ -80,7 +80,7 @@ with lib;
 systemd.services.print-host-key = {
 description = "Print SSH Host Key";
 wantedBy = [ "multi-user.target" ];
- after = [ "sshd.service" ];
+ after = [ "sshd-keygen.service" ];
 script = ''
 # Print the host public key on the console so that the user
 # can obtain it securely by parsing the output of
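Review bot: The new `before = [ "sshd-keygen.service" ];` line in `systemd.services.apply-ec2-data` encodes a host-key trust invariant that the module never states: host keys supplied through EC2 user data have to be on disk before key generation runs, otherwise the instance presents freshly generated keys instead of the provisioned ones. The target is a bare unit-name string, so a later rename or split of the OpenSSH units would leave the ordering stale without an evaluation error; the same applies to `after = [ "sshd-keygen.service" ];` on `print-host-key` in the second hunk. I would add a comment above `before`, for example `# Must run before host-key generation so keys from EC2 user data take priority over newly generated ones.`, and consider a NixOS test that asserts this ordering. Both attribute sets start or end outside the hunks, and whether `sshd.service` itself still starts after `apply-ec2-data` presumably depends on the openssh module ordering it after `sshd-keygen.service`, which is not visible here.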