lyrathorpe/nixfiles
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
69ba65bde3512431c419d21ed76fcbbfd3b7f99a
nixfiles/system/machine/EDaaS/configuration.nix
T
Emma Thorpe dddf97f3ad
CI / flake (pull_request) Successful in 2m7s
Details
fix(wsl): disable systemd-ssh-proxy ssh_config include 
The NixOS-WSL store is a read-only VHD whose files are owned by nobody
(65534), not root. programs.ssh.systemd-ssh-proxy.enable (default true)
adds `Include <systemd>/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf`
to /etc/ssh/ssh_config. OpenSSH permission-checks Include'd config files
and rejects any not owned by root or the caller, so the nobody-owned
include fails with "Bad owner or permissions" and breaks ssh/git for
every command.

Disable it on the WSL host: the proxy plugin only serves `ssh unix/…` /
`vsock` connections to local machined VMs, which WSL does not use. Other
hosts keep the default (root-owned store, include works).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 12:20:01 +00:00

67 lines
2.5 KiB
Nix
Raw Blame History

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL
{
config,
lib,
pkgs,
...
}:
{
wsl = {
enable = true;
defaultUser = "emmathorpe";
wslConf.automount.root = "/mnt";
wslConf.interop.appendWindowsPath = false;
wslConf.network.generateHosts = false;
startMenuLaunchers = true;
docker-desktop.enable = false;
extraBin = with pkgs; [
# Binaries for Docker Desktop wsl-distro-proxy
{ src = "${coreutils}/bin/mkdir"; }
{ src = "${coreutils}/bin/cat"; }
{ src = "${coreutils}/bin/whoami"; }
{ src = "${coreutils}/bin/ls"; }
{ src = "${busybox}/bin/addgroup"; }
{ src = "${su}/bin/groupadd"; }
{ src = "${su}/bin/usermod"; }
];
};
virtualisation.docker = {
enable = true;
enableOnBoot = true;
autoPrune.enable = true;
};
networking.resolvconf.enable = false;
# Drop the systemd-ssh-proxy Include from the generated /etc/ssh/ssh_config.
# The NixOS-WSL store is a read-only VHD whose files are owned by nobody
# (65534), not root. OpenSSH permission-checks Include'd config files and
# rejects any not owned by root or the caller, so the default include fails
# with "Bad owner or permissions" and breaks ssh/git for every command. The
# proxy plugin only matters for `ssh unix/…` / `vsock` to local machined VMs,
# which WSL does not use.
programs.ssh.systemd-ssh-proxy.enable = false;
## patch the script
systemd.services.docker-desktop-proxy.script = lib.mkForce ''${config.wsl.wslConf.automount.root}/wsl/docker-desktop/docker-desktop-user-distro proxy --docker-desktop-root ${config.wsl.wslConf.automount.root}/wsl/docker-desktop "C:\Program Files\Docker\Docker\resources"'';
features.swayDesktop.enable = false;
programs.nix-ld.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink