forked from M-Labs/wfvm
install openssh from github
This removes the need for the Windows version's OpenSSH.Server feature-on-demand package, which is not publicly available. Fixes gitea issue #6 <M-Labs/wfvm#6>
parent
07813c3c4f
commit
110fe11f00
@ -50,12 +50,8 @@ let
|
|||||||
# mkDirsDesc ++ writeKeysDesc ++
|
# mkDirsDesc ++ writeKeysDesc ++
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
|
Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
|
||||||
Description = "Add OpenSSH service.";
|
Description = "Install OpenSSH service.";
|
||||||
}
|
|
||||||
{
|
|
||||||
Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
|
|
||||||
Description = "Enable SSH by default.";
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
@ -77,7 +73,7 @@ let
|
|||||||
++ setupCommands
|
++ setupCommands
|
||||||
++ [
|
++ [
|
||||||
{
|
{
|
||||||
Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
|
Path = ''powershell.exe ${driveLetter}\setup.ps1'';
|
||||||
Description = "Setup SSH and keys";
|
Description = "Setup SSH and keys";
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
@ -314,7 +310,7 @@ in {
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
# autounattend.xml is _super_ picky about quotes and other things
|
# autounattend.xml is _super_ picky about quotes and other things
|
||||||
setupScript = pkgs.writeText "ssh-setup.ps1" (
|
setupScript = pkgs.writeText "setup.ps1" (
|
||||||
''
|
''
|
||||||
# Setup SSH and keys
|
# Setup SSH and keys
|
||||||
'' +
|
'' +
|
||||||
|
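--- a/wfvm/install-ssh.ps1
+++ b/wfvm/install-ssh.ps1
@@ -0,0 +1,42 @@
+Write-Host "Expanding OpenSSH"
+Expand-Archive D:\OpenSSH-Win64.zip C:\
+
+Push-Location C:\OpenSSH-Win64
+
+Write-Host "Installing OpenSSH"
+& .\install-sshd.ps1
+
+Write-Host "Generating host keys"
+.\ssh-keygen.exe -A
+
+Write-Host "Fixing host file permissions"
+& .\FixHostFilePermissions.ps1 -Confirm:$false
+
+Write-Host "Fixing user file permissions"
+& .\FixUserFilePermissions.ps1 -Confirm:$false
+
+Pop-Location
+
+$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
+[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
+
+#Write-Host "Adding public key to authorized_keys"
+#$keyPath = "~\.ssh\authorized_keys"
+#New-Item -Type Directory ~\.ssh > $null
+#$sshKey | Out-File $keyPath -Encoding Ascii
+
+Write-Host "Opening firewall port 22"
+New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
+
+Write-Host "Setting sshd service startup type to 'Automatic'"
+Set-Service sshd -StartupType Automatic
+Set-Service ssh-agent -StartupType Automatic
+Write-Host "Setting sshd service restart behavior"
+sc.exe failure sshd reset= 86400 actions= restart/500
+
+#Write-Host "Configuring sshd"
+#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
+
+Write-Host "Starting sshd service"
+Start-Service sshd
+Start-Service ssh-agent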
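Review bot: The archive is unpacked to `C:\OpenSSH-Win64` and that directory is then prepended to the machine `PATH`; folders created directly under `C:\` usually inherit write access for non-administrative users, so the binaries the sshd service runs, and a directory searched ahead of System32, may be modifiable by any local account in the guest. Extracting under `$env:ProgramFiles` and appending instead of prepending would avoid that, e.g. `$newPath = [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine) + ';' + $installDir`. Separately, `D:\OpenSSH-Win64.zip` is hard-coded while the autounattend change invokes this script through `${driveLetter}`, so `Expand-Archive "$PSScriptRoot\OpenSSH-Win64.zip" ...` would keep the two in step. Adding `$ErrorActionPreference = 'Stop'` as the first line would make a failed extraction abort the script instead of continuing into the firewall and service steps.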
@ -1 +0,0 @@
|
|||||||
This file is not publicaly acessible anywhere so had to be extracted from a connected instance
|
|
Binary file not shown.
12
wfvm/win.nix
12
wfvm/win.nix
@ -47,7 +47,10 @@ let
|
|||||||
sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
|
sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
|
||||||
};
|
};
|
||||||
|
|
||||||
openSshServerPackage = ./openssh/server-package.cab;
|
openSshServerPackage = pkgs.fetchurl {
|
||||||
|
url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip";
|
||||||
|
sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
|
||||||
|
};
|
||||||
|
|
||||||
autounattend = import ./autounattend.nix (
|
autounattend = import ./autounattend.nix (
|
||||||
attrs // {
|
attrs // {
|
||||||
@ -69,17 +72,16 @@ let
|
|||||||
# Packages required to drive installation of other packages
|
# Packages required to drive installation of other packages
|
||||||
bootstrapPkgs =
|
bootstrapPkgs =
|
||||||
runQemuCommand "bootstrap-win-pkgs.img" ''
|
runQemuCommand "bootstrap-win-pkgs.img" ''
|
||||||
mkdir -p pkgs/fod
|
|
||||||
|
|
||||||
7z x -y ${virtioWinIso} -opkgs/virtio
|
7z x -y ${virtioWinIso} -opkgs/virtio
|
||||||
|
|
||||||
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
|
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
|
||||||
|
|
||||||
# Install optional windows features
|
# Install optional windows features
|
||||||
cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
|
cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip
|
||||||
|
|
||||||
# SSH setup script goes here because windows XML parser sucks
|
# SSH setup script goes here because windows XML parser sucks
|
||||||
cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
|
cp ${./install-ssh.ps1} pkgs/install-ssh.ps1
|
||||||
|
cp ${autounattend.setupScript} pkgs/setup.ps1
|
||||||
|
|
||||||
virt-make-fs --partition --type=fat pkgs/ $out
|
virt-make-fs --partition --type=fat pkgs/ $out
|
||||||
'';
|
'';
|
||||||
|
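Review bot: The comment `# Install optional windows features` above `cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip` in the second hunk is stale, and the binding name `openSshServerPackage` still suggests the feature-on-demand cab rather than the upstream release zip. The `fetchurl` in the first hunk pins `V8.6.0.0p1-Beta` by URL and `sha256`, which keeps the download verifiable, but it also means the guest keeps that beta sshd until someone bumps both values by hand. I would replace the stale comment with `# OpenSSH release zip, unpacked in the guest by install-ssh.ps1` and add `# Pinned release; bump url and sha256 together when upstream publishes a fix` above the `fetchurl`. The `let` block and the `runQemuCommand` string both continue outside the hunks shown.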