From 0173a9ced9bc4e876b6607b7604c24bbedeb489c Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Sun, 21 May 2023 17:07:19 +0100
Subject: [PATCH] set PATH correctly in ssh sessions for a non=interactive shell ("ssh linminix foo") ash does not source *any* startup files, so we need to set this to something more useful than /bin:usr/bin
---
 examples/rotuer.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/examples/rotuer.nix b/examples/rotuer.nix
index 22d78fd..85ae0ae 100644
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
@@ -151,12 +151,21 @@ in rec {
 services.sshd = longrun {
 name = "sshd";
+ # env -i clears the environment so we don't pass anything weird to
+ # ssh sessions. Dropbear params are
+ # -e pass environment to child
+ # -E log to stderr
+ # -R create hostkeys if needed
+ # -P pid-file
+ # -F don't fork into background
+
 run = ''
 if test -d /persist; then
 mkdir -p /persist/secrets/dropbear
 ln -s /persist/secrets/dropbear /run
 fi
- ${dropbear}/bin/dropbear -E -R -P /run/dropbear.pid -F
+ PATH=${lib.makeBinPath config.defaultProfile.packages}:/bin
+ exec env -i ENV=/etc/ashrc PATH=$PATH ${dropbear}/bin/dropbear -e -E -R -P /run/dropbear.pid -F
 '';
 };
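Review bot: The value built on the `PATH=${lib.makeBinPath config.defaultProfile.packages}:/bin` line becomes the command search path of every SSH session, root's included, because `-e` hands dropbear's environment to each child, yet nothing guards against an empty component in it. If `config.defaultProfile.packages` ever evaluates to an empty list, `lib.makeBinPath` should yield an empty string and the result is `:/bin`, whose leading empty entry makes the shell search the current directory. Consider asserting that the list is non-empty (or joining the parts so no empty entry can appear), and quote the expansion on the exec line as `"PATH=$PATH"` so the value cannot be word-split. The new comment block could also say outright that any variable placed after `env -i` is visible to all sessions, so secrets must never be added there.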