ssh-host-certs: Run sshca-cli from a container
Installing packages on the host system via `rpm-ostree` is _insanely_ slow, especially on Raspberry Pi devices. The main reason I chose to go that route for managing the SSH host certificates was to avoid having to maintain the systemd units in multiple places. I think the trade-off is worth it, though; bringing up a new Raspberry Pi is significantly faster, by 15+ minutes, if we do not have to wait for `rpm-ostree` at all.
This commit is contained in:
12
ssh-host-certs.service
Normal file
12
ssh-host-certs.service
Normal file
@@ -0,0 +1,12 @@
|
||||
# vim: set ft=systemd :
|
||||
[Unit]
|
||||
Description=Request SSH Host Certificates
|
||||
ConditionFirstBoot=yes
|
||||
Wants=ssh-host-certs-renew.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/systemctl disable %n
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user