Using a systemd generator to automatically enable
*fetch-sshkeys@.service* unit instances allows multiple users' keys to
be specified on the kernel command line, without explicitly enabling
the corresponding units.
Since `/var` is a tmpfs filesystem, having the Journal stored there is
just a waste of space; `systemd-journald` already writes the journal to
`/run/log/journal`.
*dhcpcd* does not set the system host name to the value provided in the
DHCP lease unless the current hostname matches its compiled-in default
value (which is `(none)`) or is *localhost*. I'm not sure how to change
the former, but we can easily set the default to the latter to enable
dynamic hostname configuration via DHCP.
Instead of parsing the kernel command line to find the destination(s)
where syslog messages should be forwarded, we can use a *dhcpcd* hook to
get them from the DHCP lease.
By default, *dhcpcd* generates a "complete" `chrony.conf` file using the
NTP servers specified in the DHCP lease, and then restarts the Chrony
daemon. This is unnecessary, as *chrony* can reload its list of
sources without restarting, and also problematic in our case. For one
thing, *dhcpcd* tries to write to `/etc/chrony.conf` directly, which is
obviously impossible when the root filesystem is immutable.
Fortunately, it is flexible enough to be configured to leave
`/etc/chrony.conf` alone and generate a different file and then tell
*chrony* to reread it.
The *chrony-wait.service* unit introduces a delay into the system
startup that allows follow-up units to wait until the system time is
confirmed correct. The unit file itself was derived from the one
included in the *chrony* package for Fedora.
Instead of manually managing symlinks to enable units, we can define a
system preset that lists which units we want disabled. Units that have
in `Install` section are automatically enabled.
Dustin