users.extraUsers.xxx.openssh takes effect before users.extraUsers.xxx.createHome #12
Comments
|
Correct me if I'm wrong, but isn't authorized_keys generated when the ssh service is restarted? And that should happen after the users are created, shouldn't it? How does your use case look? Is this on the boot-up activation, or after nixos-rebuild switch? |
|
This is during a switch. I have verified that in two steps (add the user with createHome = yes, switch, add the SSH key, switch again), the keys are created correctly. |
|
PS: I want to use this with disnixos-deploy-network, so doing a nixos-rebuild boot and rebooting is not really an option, even if it worked. |
|
Of course rebooting is not an option. I suspect the ssh service isn't restarted properly when rebuilding. I'll try to look into this when I get time. |
|
Does this still happen with new mutable/immutable users creation? |
Basically, extraUsers are not created until after openssh authorized_keys have been updated. For users that rely on createHome to get their home directories, this means a single-step deployment breaks and the keys are never installed. (openssh silently skips any users without home directories)
The text was updated successfully, but these errors were encountered: