From 4cebd207d1487e1944fd81bbaf63678dade3ed4e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 15 Sep 2022 19:35:36 +0100
Subject: [PATCH] tmpfiles: add lines for provisioning ssh keys for root by
 default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

With this, I can now easily do:

    systemd-nspawn --load-credential=ssh.authorized_keys.root:/home/lennart/.ssh/authorized_keys --image=… --boot

To boot into an image with my SSH key copied in. Yay!
---
 tmpfiles.d/provision.conf            | 5 +++++
 units/systemd-tmpfiles-setup.service | 1 +
 2 files changed, 6 insertions(+)

diff --git a/tmpfiles.d/provision.conf b/tmpfiles.d/provision.conf
index a4d7aaf99b..3c56f42d58 100644
--- a/tmpfiles.d/provision.conf
+++ b/tmpfiles.d/provision.conf
@@ -15,3 +15,8 @@ f^ /etc/issue.d/50-provision.conf - - - - login.issue
 
 # Provision a /etc/hosts file from credentials.
 f^ /etc/hosts - - - - network.hosts
+
+# Provision SSH key for root
+d /root :0700 root :root -
+d /root/.ssh :0700 root :root -
+f^ /root/.ssh/authorized_keys :0600 root :root - ssh.authorized_keys.root
diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service
index 7e11eb9414..a420465534 100644
--- a/units/systemd-tmpfiles-setup.service
+++ b/units/systemd-tmpfiles-setup.service
@@ -27,3 +27,4 @@ LoadCredential=tmpfiles.extra
 LoadCredential=login.motd
 LoadCredential=login.issue
 LoadCredential=network.hosts
+LoadCredential=ssh.authorized_keys.root