23 lines
614 B
Plaintext
23 lines
614 B
Plaintext
[Unit]
|
|
Description=Request %I SSH Host Certificate
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
Before=ssh-host-certs.service
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
|
|
[Container]
|
|
Image=git.pyrocufflink.net/containerimages/sshca-cli
|
|
Pull=newer
|
|
EnvironmentFile=/etc/sysconfig/ssh-host-cert-sign
|
|
Exec=host sign --output /etc/ssh/ssh_host_%I_key-cert.pub /etc/ssh/ssh_host_%I_key.pub
|
|
Volume=/etc/ssh:/etc/ssh:rw
|
|
Volume=/sys/firmware:/sys/firmware:ro
|
|
Volume=/sys/class/dmi/id:/sys/class/dmi/id:ro
|
|
Network=host
|
|
SecurityLabelDisable=yes
|
|
ContainerName=%p-%i
|
|
PodmanArgs=--uts=host
|
|
PodmanArgs=--security-opt=unmask=/sys/firmware
|