From 0d1e116e4f2d9d22ff57e412a57b37b8edca3710 Mon Sep 17 00:00:00 2001
From: Benedikt Rips
Date: Tue, 12 Aug 2025 07:36:39 +0200
Subject: [PATCH] ssh-tpm-agent: match the upstream systemd units
---
 modules/services/ssh-tpm-agent.nix | 13 +++----------
 .../services/ssh-tpm-agent/as-ssh-agent-proxy.nix | 5 +----
 tests/modules/services/ssh-tpm-agent/standalone.nix | 5 +----
 3 files changed, 5 insertions(+), 18 deletions(-)
diff --git a/modules/services/ssh-tpm-agent.nix b/modules/services/ssh-tpm-agent.nix
index 3e722fe35..f4e0384e3 100644
--- a/modules/services/ssh-tpm-agent.nix
+++ b/modules/services/ssh-tpm-agent.nix
@@ -74,7 +74,6 @@ in
 Documentation = "https://github.com/Foxboron/ssh-tpm-agent";
 Requires = [ "ssh-tpm-agent.socket" ];
 After = [ "ssh-tpm-agent.socket" ];
- RefuseManualStart = true;
 };
 Service = {
 Environment = "SSH_TPM_AUTH_SOCK=%t/ssh-tpm-agent.sock";
@@ -82,7 +81,7 @@ in
 let
 inherit (config.services) ssh-agent;
 in
- "${lib.getExe cfg.package} -l %t/ssh-tpm-agent.sock"
+ (lib.getExe cfg.package)
 + lib.optionalString (cfg.keyDir != null) " --key-dir ${cfg.keyDir}"
 + lib.optionalString ssh-agent.enable " -A %t/${ssh-agent.socket}";
 SuccessExitStatus = 2;
@@ -102,18 +101,12 @@ in
 Description = "SSH TPM agent socket";
 Documentation = "https://github.com/Foxboron/ssh-tpm-agent";
 };
-
 Socket = {
 ListenStream = "%t/ssh-tpm-agent.sock";
- RuntimeDirectory = "ssh-tpm-agent";
- SocketMode = "0600";
- DirectoryMode = "0700";
 Service = "ssh-tpm-agent.service";
+ SocketMode = "0600";
 };
-
- Install = {
- WantedBy = [ "sockets.target" ];
- };
+ Install.WantedBy = [ "sockets.target" ];
 };
 };
 };
diff --git a/tests/modules/services/ssh-tpm-agent/as-ssh-agent-proxy.nix b/tests/modules/services/ssh-tpm-agent/as-ssh-agent-proxy.nix
index 7ec01ec93..1c4d0174e 100644
--- a/tests/modules/services/ssh-tpm-agent/as-ssh-agent-proxy.nix
+++ b/tests/modules/services/ssh-tpm-agent/as-ssh-agent-proxy.nix
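Review bot: Nothing in modules/services/ssh-tpm-agent.nix now records where the agent's listening socket comes from. The ExecStart hunk drops the `-l %t/ssh-tpm-agent.sock` argument, so the service presumably relies on the descriptor that ssh-tpm-agent.socket hands over through socket activation. The first hunk also removes `RefuseManualStart`, so the unit can now be started directly, which makes that dependency worth stating. A comment on the line above `(lib.getExe cfg.package)` would do, for example `# No -l: the listening socket is inherited from ssh-tpm-agent.socket (socket activation), which also sets its mode.` The `ExecStart =` attribute opens just before this hunk, so the placement should be checked against the full file.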
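Review bot: After the Socket hunk, `SocketMode = "0600"` is the only setting in that section limiting who can connect to the agent, and no comment says it is load-bearing. `RuntimeDirectory` and `DirectoryMode` are removed and the socket sits directly under `%t`, so access rests on this mode plus the permissions of `%t` itself. I would add a comment above it, such as `# Owner-only: any client that can open this socket can ask the agent to use its keys.` The updated expectations in both test files still contain `SocketMode=0600`, so a later change to the mode would at least fail the tests.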
@@ -17,7 +17,7 @@
 assertFileContent $serviceFile ${builtins.toFile "expected-service" ''
 [Service]
 Environment=SSH_TPM_AUTH_SOCK=%t/ssh-tpm-agent.sock
- ExecStart=@ssh-tpm-agent@/bin/dummy -l %t/ssh-tpm-agent.sock -A %t/ssh-agent
+ ExecStart=@ssh-tpm-agent@/bin/dummy -A %t/ssh-agent
 SuccessExitStatus=2
 Type=simple
@@ -27,7 +27,6 @@
 BindsTo=ssh-agent.service
 Description=ssh-tpm-agent service
 Documentation=https://github.com/Foxboron/ssh-tpm-agent
- RefuseManualStart=yes
 Requires=ssh-tpm-agent.socket
 ''}
@@ -36,9 +35,7 @@
 WantedBy=sockets.target
 [Socket]
- DirectoryMode=0700
 ListenStream=%t/ssh-tpm-agent.sock
- RuntimeDirectory=ssh-tpm-agent
 Service=ssh-tpm-agent.service
 SocketMode=0600
diff --git a/tests/modules/services/ssh-tpm-agent/standalone.nix b/tests/modules/services/ssh-tpm-agent/standalone.nix
index a06aac241..42bf8426e 100644
--- a/tests/modules/services/ssh-tpm-agent/standalone.nix
+++ b/tests/modules/services/ssh-tpm-agent/standalone.nix
@@ -16,7 +16,7 @@
 assertFileContent $serviceFile ${builtins.toFile "expected-service" ''
 [Service]
 Environment=SSH_TPM_AUTH_SOCK=%t/ssh-tpm-agent.sock
- ExecStart=@ssh-tpm-agent@/bin/dummy -l %t/ssh-tpm-agent.sock
+ ExecStart=@ssh-tpm-agent@/bin/dummy
 SuccessExitStatus=2
 Type=simple
@@ -24,7 +24,6 @@
 After=ssh-tpm-agent.socket
 Description=ssh-tpm-agent service
 Documentation=https://github.com/Foxboron/ssh-tpm-agent
- RefuseManualStart=true
 Requires=ssh-tpm-agent.socket
 ''}
@@ -33,9 +32,7 @@
 WantedBy=sockets.target
 [Socket]
- DirectoryMode=0700
 ListenStream=%t/ssh-tpm-agent.sock
- RuntimeDirectory=ssh-tpm-agent
 Service=ssh-tpm-agent.service
 SocketMode=0600