From a0962df9025d8b981f598978601038aa9b8c0648 Mon Sep 17 00:00:00 2001
From: Marie Ramlow
Date: Sat, 11 Jan 2025 16:06:03 +0100
Subject: [PATCH] doc/rl-2505: document systemd-ssh-generator changes
---
 doc/manpage-urls.json | 2 ++
 nixos/doc/manual/release-notes/rl-2505.section.md | 13 +++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/doc/manpage-urls.json b/doc/manpage-urls.json
index 63f877dcb660..8b3b58c15125 100644
--- a/doc/manpage-urls.json
+++ b/doc/manpage-urls.json
@@ -228,6 +228,8 @@
 "systemd-socket-activate(1)": "https://www.freedesktop.org/software/systemd/man/systemd-socket-activate.html",
 "systemd-socket-proxyd(8)": "https://www.freedesktop.org/software/systemd/man/systemd-socket-proxyd.html",
 "systemd-soft-reboot.service(8)": "https://www.freedesktop.org/software/systemd/man/systemd-soft-reboot.service.html",
+ "systemd-ssh-generator(8)": "https://www.freedesktop.org/software/systemd/man/systemd-ssh-generator.html",
+ "systemd-ssh-proxy(1)": "https://www.freedesktop.org/software/systemd/man/systemd-ssh-proxy.html",
 "systemd-stdio-bridge(1)": "https://www.freedesktop.org/software/systemd/man/systemd-stdio-bridge.html",
 "systemd-stub(7)": "https://www.freedesktop.org/software/systemd/man/systemd-stub.html",
 "systemd-suspend-then-hibernate.service(8)": "https://www.freedesktop.org/software/systemd/man/systemd-suspend-then-hibernate.service.html",
diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
index 37dab65d2eba..401dcff540bd 100644
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -457,6 +457,19 @@ - GOverlay has been updated to 1.2, please check the [upstream changelog](https://github.com/benjamimgois/goverlay/releases) for more details. +- systemd's {manpage}`systemd-ssh-generator(8)` now works out of the box on NixOS. + - You can ssh into VMs without any networking configuration if your hypervisor configures the vm to support AF_VSOCK. + It still requires the usual ssh authentication methods. + - An SSH key for the root user can be provisioned using the `ssh.authorized_keys.root` systemd credential. + This can be useful for booting an installation image and providing the SSH key with an smbios string. + - SSH can be used for suid-less privilege escalation on the local system without having to rely on networking: + ```shell + ssh root@.host + ``` + - systemd's {manpage}`systemd-ssh-proxy(1)` is enabled by default. It can be disabled using [`programs.ssh.systemd-ssh-proxy.enable`](#opt-programs.ssh.systemd-ssh-proxy.enable). + +- SSH host key generation has been separated into the dedicated systemd service sshd-keygen.service. + - [`services.mongodb`](#opt-services.mongodb.enable) is now compatible with the `mongodb-ce` binary package. To make use of it, set [`services.mongodb.package`](#opt-services.mongodb.package) to `pkgs.mongodb-ce`. - [`services.jupyter`](#opt-services.jupyter.enable) is now compatible with `Jupyter Notebook 7`. See [the migration guide](https://jupyter-notebook.readthedocs.io/en/latest/migrate_to_notebook7.html) for details.