install openssh from github

this removes the need for the windows version's OpenSSH.Server feature-on-demand package which is not publicly available. fixes gitea issue #6 <M-Labs/wfvm#6>
2021-06-16 15:13:12 +02:00 · 2021-06-16 15:13:12 +02:00 · 110fe11f00
parent 07813c3c4f
commit 110fe11f00
5 changed files with 53 additions and 14 deletions
--- a/wfvm/autounattend.nix
+++ b/wfvm/autounattend.nix
@ -50,12 +50,8 @@ let
    # mkDirsDesc ++ writeKeysDesc ++
  [
    {
-      Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
-      Description = "Add OpenSSH service.";
-    }
-    {
-      Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
-      Description = "Enable SSH by default.";
+      Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
+      Description = "Install OpenSSH service.";
    }
  ];

@ -77,7 +73,7 @@ let
    ++ setupCommands
    ++ [
      {
-        Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
+        Path = ''powershell.exe ${driveLetter}\setup.ps1'';
        Description = "Setup SSH and keys";
      }
    ]
@ -314,7 +310,7 @@ in {
  '';

  # autounattend.xml is _super_ picky about quotes and other things
-  setupScript = pkgs.writeText "ssh-setup.ps1" (
+  setupScript = pkgs.writeText "setup.ps1" (
    ''
      # Setup SSH and keys
    '' +
--- a/wfvm/install-ssh.ps1
+++ b/wfvm/install-ssh.ps1
@ -0,0 +1,42 @@
+Write-Host "Expanding OpenSSH"
+Expand-Archive D:\OpenSSH-Win64.zip C:\
+
+Push-Location C:\OpenSSH-Win64
+
+Write-Host "Installing OpenSSH"
+& .\install-sshd.ps1
+
+Write-Host "Generating host keys"
+.\ssh-keygen.exe -A
+
+Write-Host "Fixing host file permissions"
+& .\FixHostFilePermissions.ps1 -Confirm:$false
+
+Write-Host "Fixing user file permissions"
+& .\FixUserFilePermissions.ps1 -Confirm:$false
+
+Pop-Location
+
+$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
+[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
+
+#Write-Host "Adding public key to authorized_keys"
+#$keyPath = "~\.ssh\authorized_keys"
+#New-Item -Type Directory ~\.ssh > $null
+#$sshKey | Out-File $keyPath -Encoding Ascii
+
+Write-Host "Opening firewall port 22"
+New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
+
+Write-Host "Setting sshd service startup type to 'Automatic'"
+Set-Service sshd -StartupType Automatic
+Set-Service ssh-agent -StartupType Automatic
+Write-Host "Setting sshd service restart behavior"
+sc.exe failure sshd reset= 86400 actions= restart/500
+
+#Write-Host "Configuring sshd"
+#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
+
+Write-Host "Starting sshd service"
+Start-Service sshd
+Start-Service ssh-agent
--- a/wfvm/openssh/README.md
+++ b/wfvm/openssh/README.md
@ -1 +0,0 @@
-This file is not publicaly acessible anywhere so had to be extracted from a connected instance
--- a/wfvm/openssh/server-package.cab
+++ b/wfvm/openssh/server-package.cab
--- a/wfvm/win.nix
+++ b/wfvm/win.nix
@ -47,7 +47,10 @@ let
    sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
  };

-  openSshServerPackage = ./openssh/server-package.cab;
+  openSshServerPackage = pkgs.fetchurl {
+    url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip";
+    sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
+  };

  autounattend = import ./autounattend.nix (
    attrs // {
@ -69,17 +72,16 @@ let
  # Packages required to drive installation of other packages
  bootstrapPkgs =
    runQemuCommand "bootstrap-win-pkgs.img" ''
-      mkdir -p pkgs/fod
-
      7z x -y ${virtioWinIso} -opkgs/virtio

      cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"

      # Install optional windows features
-      cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
+      cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip

      # SSH setup script goes here because windows XML parser sucks
-      cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
+      cp ${./install-ssh.ps1} pkgs/install-ssh.ps1
+      cp ${autounattend.setupScript} pkgs/setup.ps1

      virt-make-fs --partition --type=fat pkgs/ $out
    '';
				`@ -1 +0,0 @@`
				`This file is not publicaly acessible anywhere so had to be extracted from a connected instance`