From ad38a2a6464394697f0672717f39c1b6188c1a89 Mon Sep 17 00:00:00 2001 From: Daniel Fullmer Date: Tue, 3 May 2022 17:58:19 -0700 Subject: nixos/ssh: remove empty host key files before generating new ones In a previous PR [1], the conditional to generate a new host key file was changed to also include the case when the file exists, but has zero size. This could occur when the system is uncleanly powered off shortly after first boot. However, ssh-keygen prompts the user before overwriting a file. For example: $ touch hi $ ssh-keygen -f hi Generating public/private rsa key pair. hi already exists. Overwrite (y/n)? So, lets just try to remove the empty file (if it exists) before running ssh-keygen. [1] https://github.com/NixOS/nixpkgs/pull/141258 --- nixos/modules/services/networking/ssh/sshd.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos') diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 230ab673a9761..d467c3c0471cf 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -441,6 +441,7 @@ in ${flip concatMapStrings cfg.hostKeys (k: '' if ! [ -s "${k.path}" ]; then + rm -f "${k.path}" ssh-keygen \ -t "${k.type}" \ ${if k ? bits then "-b ${toString k.bits}" else ""} \ -- cgit 1.4.1
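Review bot: in the `if ! [ -s "${k.path}" ]` branch, the test follows symlinks but the added `rm -f "${k.path}"` does not, so when the host key path is a symlink to an empty or missing target, the link itself is removed and ssh-keygen then creates a regular file at that path instead of writing through the link. If symlinked key paths are meant to be supported, check for that case (for example with `[ -L "${k.path}" ]`) before removing; otherwise say so in a comment. Separately, the reason for the `rm` (ssh-keygen prompts before overwriting an existing file, and the zero-size case now reaches this branch) is recorded only in the commit message; a one-line comment above the `rm -f` would keep it from being dropped as redundant later.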