From 61c3b4eb6615fcf13ff702a03161a47d1262476b Mon Sep 17 00:00:00 2001
From: macmpi <spam@ipik.org>
Date: Sat, 13 May 2023 00:16:54 +0200
Subject: [PATCH] trigger new keys generation if supplied key file is empty

---
 README.md                          |   2 +-
 headless.apkovl.tar.gz             | Bin 4923 -> 5039 bytes
 overlay/etc/local.d/headless.start |  15 +++++++++++----
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 23476e0..2da52eb 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ From there, system install can be performed as usual with `setup-alpine` for ins
 Add-on files may be added next to `headless.apkovl.tar.gz` to customise boostrapping configuration (sample files are provided):
 - `wpa_supplicant.conf`[^2] (*mandatory for wifi usecase*): define wifi SSID & password.
 - `interfaces`[^2] (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
-- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (may be stored), instead of using bundled ones[^1] (not stored).
+- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (may be stored), instead of using bundled ones[^1] (not stored). Providing an empty key file will trigger new keys generation (ssh server may take longer to start).
 - `unattended.sh`[^2] (*optional*): create custom automated deployment script to further tune & extend actual setup (backgrounded).
 
 
diff --git a/headless.apkovl.tar.gz b/headless.apkovl.tar.gz
index 802c8a823e0bb149568c55d08124d8a270b3dfe3..f9c1328fe9c56f6251176fa0691c7ec0a9f859f9 100644
GIT binary patch
literal 5039
zcmV;g6Hx3QiwFP!000001ME6!)0;+``D%UzaXdSdFz?HKXfsJILV(bL5TFBQr(E3k
zAx=Ry|9wHWvrZ-%*X}yrohm<7QUl%eb06Kb*EsMOzcU~c&?Nb2C-`OixJC(#!cY{a
zDC`RaMQ|MZ0wjNL!e(ge#;QQ@i>fG^e>Cnx{r{xkP5OU!J>P26=CwWX_`3G0E^@s3
z<KdVUOcBI?L;nOt<6nTt$0Oml;j{kXx(<KW81V3a`a}MY6F82e7(z|@M^TLY?Ejwv
z-syk(y$*}Id0o}k>%<$L%hvu_I6mP2C_+=e&_6jhpZ)(6z@+!5N#!6r!4j88i$ezo
z<LBEIdt{gM<KVbjYRdAK2FNZTaOt`uBNt!!gV6O&h9@^I=Z&R=?ABq_>fITM36+G7
z=hO&7EijZs^Yu-uaeFg~9hzG#*Jqe>H;a8}3(_GtY{EoM?zzTAs?%Z|*1~(rsaMc>
zP0NdWOz$qu{oJ+GsUFS@+7s?hmD(-KZeqz9wB!1E;5eFgyQ&f|9Dm)OH%f;f@gY87
z+XL5cnR~03VUAshqdFo&2#Gr~UWKZ66EVG!a$$o;ArfaiyjkDKrQ_Ce7ql>s2kq8I
zB}_XU?E|`vrNg!IwjH~5Z#e;bOLfzA)Vk&pILxBL-JWlvUncERljXx{p|02GfPpX)
zjn0l-#FaI)=d^*=S&7!Gjl&NSKXh(`j|+>}N7c6UGrrVC&dbGpKb|i5;H9>WjoNlU
z(x&IRovRnNlwRuK><f^uG{}KMmm9<pbo#hF*bDNm@*U4?oJ~fDg?HRSHF>)WP|DeN
zFOaqoN3NL7%FeX-lH6b)ce?DtAVzE|)jdIwyIJ(9u}#ili`#s|tnJ-yh-)3MzXNCc
z|2HcwquhH6J<CnKx(5EQt@kthZ{hFazvp5ki7w_G@Ud__;{V^r{h#tbh2y`7{{)30
zpX2|hfTtOjyeP@wLE&XhTZ4)!omrg+x4iM_1#Eno+W8|lROU5l-1w0n*riBzc6ORC
zc{^LQ=8=5|bKYS0{rumI4i+@#1vn0}e!3s#LEQ34uEI_n85TE`^BO}Ll{4I~9x0<@
ztJU3B-92<H0?6^^IX2N=D`hX{Z#r-d-k<e<Iw>#{&1G%6boRaw+~ZRvMXiz_Vm|3*
zXI(BJ`OpNx7&RT?5(2tP4kBYK{mKm%C*Qu_`AvvHz^If_&DDy~2*^ls(TcniGkwB(
z)7iMn8kc)-UC4BI2~*>u*5*|n+2eQL0T0pg^6Iz6{z>%zkNp2*)qo#b|4r`x%leN%
ziO>H3DPXSu-m3gj19ER_z|>qxsI2qk{7e#l-S~ga_CMDN|6K4}>%WhQ;{*AhL`dwH
z`JX`O&;I`@;CIab%k+`|-AAT&azG9rUH$a(Jka3T{uK9CX~-OLkOyIajNI*UCbXHI
z*^t|$yo;<Rb9ch15*l?Si1+*i5X_4toeFV9@;NftNf3*sgdh6usG@$KPisx-a@SVH
zDl$yo+?z;HB-dRNG*veq@*NAODm40lV?YC1IcJ-0)7?JxW#_Qg5N#I)EN2YseUdEE
zF$h`+w<+qL2B9#dnocidX)MMjii4W#_BN1EhPg;vo_7{Y!w)0K=!w(y7B&g3ZSI<D
z6s|;u%Aiv1@w&EGHnHpOGO>%Yg(fF)B94t#48SU-@Tls!+$tdj4^Em*Lm|zU3Skzv
zwU%08PMN#l6zh7boYXsNC`!}1MtWUY5{1=OYTAAXkT=(6hwE}*g!>A&T?W2{JcC@Y
z1a<q<J;=*@yx*fj!{p@!ThvGt?;-4(=Qe(##9?!;B;k4o{CuR{RofgjcfCA82&-qX
z=bY5tUE!{r*%H<|;kxQz)v8|}Gv-=wToJTKm^)%*QlRCw!xuQPBhyY6B}}InQ<nD^
zYrna0rC`_%cHj9+Y#5k=<`?u_E=96(>Y=rc?v?Q8dlA5FY~qsL3lbyVE~{g^ik)y;
zxo&VrhNTP4VYa80TSpD}_*i@5mOL!3ni8&aa(OvNoUmO6kP2)T`;3&Nd#1@_y+e5S
z%50Fyf`s}MP%M#&s;G;uwA}~;ZR{+X8Oxzp$dg~=xTs7~0v9e24V2orxsKOWh%|ge
z6fB$V!*R1=U5Ai%U4ubwZ5op5l&1uOb!|`WX`>)^Y&DAHArpPm4wq{MI9}F-(PjIC
zAW(&E9+1d6<(KVRI~Y2XcvT|Yu^xjsn$bOuD7#Z^O60PpPq%$QdJS=7*b=(|e!L(A
zK7-)G>$f^2TH6pQFNFzZ8X-tiY}HZTaWAWpw)4y8++)$9skY?hf)k#VU;2I8>stxX
zw+jsS6|_(lS!hc6>Ii#dLpjE{l2zN^Q0JzzWvLjICM8L1fgZv-I$Oi?%v?zZ!jE)y
z;&VXl&q~AcWQXShuQ7U`_L<#^A<0(Mm{t6hI&C_EVuPEsOO!s5TXQR0TD5@P0W$4T
zjpPLC08!U<A&a?la8oZL?baIJyLH`d4|m0T#FYIMUmj+`UR?Y_B>tLcu~ULEtIW5Y
z`*lG#5HQ>}mbkFCkY^6!z~Lij@~7@BU&jy?wbgbh$b;Bj42o?NC01*fh~jJvNKTAJ
zqzLaxabx5fpfkM5#N4^BMh~Su!RPNtd~93Ua3ypIk|o}<l!Db)5;jRMPX*bcQroF>
z@=)Gr3fc0b6^6ipQ5M56Ci^XN?GUL)gu^bYv@I*3C|W3uB=JqR+>^Wh;OJ}Rwqu9^
zV{XyN#7jbQp~N`4;RrBzF6G&IS1?!fX6s&Tj!JgrsMAS_xC|MHV|+Asv5xh-`}%s7
zazs>=eH8f@0lE9hB0{_qt^qLL5;nW;tG%-Cd$h;-6|ywXx<D!02EVz{PHUudxmN<%
zRj6Z&@5nan0`0oOc{hi{qrDAG4Y=pY<p>>g85<ESC5osOcWs~wX3waSA;y)tARTl)
zEaG-tmg~JNO)>2{nj*`Ekbf1TPOGUKAj%<S^8Jcm*1J`9+Fb{<Hf{LWTd+Tx@n}lu
zvI^)^ha3aX@J)KPxnfY4#;a8c;eoH2vrzyY>SdR6>7xcl^GjYrEG<GLVs)3CVa&HW
zmbhzDAuQW>?yBN*w}G?Im<@+{M^Tg@qN78|GO(h>D}?1#0aqjA?iQyQTH~05YX#Qv
zdtKBP+UhK>I}$aHw+;~r>SnDAMqz66mM`(axE!Ly1vV$shAwwoBQYA2OHr~s$|+j2
zSm}o}YMWh{ZS<%`mb-Hpa731=NT7R3p$Do|WaeTKubIXJSOw`aS2RkJfNgrcxD_mM
zUc#Z?SpmyXOLxQGcV%#J(tXkvj|6*MExNUSyllfoRmr`+&Imx%@}nQ{cvYY6WyT%O
zCs{`K@X>=BL#m)Vbb-og9%(O0%5p(tSKdR39l7JxpgCSbh`nxNk^pGiy80x0m!zy1
z>09r4_(79NxgA%LpPkoeZ{W3A8zRl16p9StNji-5X$fx@WoJvskr`s60&*dx7tkQH
zun`v0iDbLlJsx(HO0OC3O1kid)MaCB=?B~P`<;%lOk&!{+h)(t1%*pRtb8v4SY{1&
zhwZD1P10@{Ajs@SQIOSsEj#lL_LMdDoOMv!#8UG#BFhT4Q$ircV1bHbabd18j01s+
zj>53u7jeR8H^aNq_OT}M+tPz%n99m-QH~rRlAi6J{jxO7$wIv`F>7@ngp1(5-junr
z2i7h;mQinwrJk>kt8HQ2ikj?ehSl@2XLPc5R#c`!b&RUVoX--L#jw62E?jnz*voBo
zHJMlf$_>7e*x)MBCyJ@yjXG5{+Je^4w|Yx0u*O>Z^s-b9tK)-3UGLqU!pPSlO_?=m
ztL0P}QNjrajsw3r=9G_b;JMmbs)LO!kfSKnj+nNlh8E^UNNn*uI{p8j?TF9tiD6#<
zrG;aq&+hN`4fyf>_k-s@2#h9ieEQAbe<=$2{QdV+!29}tw_Wo*i{v9R`;YZMANE0i
z(myqy6F`aS>ht>lQ@~eW!giFybqD}ofm~4zRTP8`h#?pTKFtmOXE3vztc<39O<7%^
zc9G-dwf7{sUfx80<W>I)?j;=n&b+Eg2l=~~$TRhFo=)}LsPdc!tQ)sz8_>#K(5tGV
zs==lJog%M`)B~*=teoeE4T5gr)nHyUU|Iyz@SzE#JOI4A=YZ(<u<Ld3ySK3K{{;nr
zX;|P@;8WdzuYN$j`sy3_NAM;4*n9+cQQqFccQy^qXPfG#vP!Uf^_Ei59^Udck((tG
zu^`-JCHy=Mn*>sHX=yd#cdz~g`q4x>oK5^#;8SMZU9W6HaFS3nlpg4UPxC<VkKe%0
z-~4g9soDwuQ}MRj2cL2)^T2POtumP=eVz>NIT*pG2VWD`NAC|mg8%+4_#Y2~!6y{_
zdY0hYOG~ht<W^)e4}MXBeQCX}+p<g}$I9Qxw5~&NKDFglK;=BWJ-;<Q@!Tp8z=tzW
zlTGULnzjUGujz{_0i(R}s%f?4)j;Hfe+8d>@a3x?-ZK3o{Bu0dlidB6;NQLlo6yUF
z7r!d_%VZ4`+8K#ov=d=pz64%OJcE|&{(^4cMU+p3rRgM23PC=M8J+{x&wGAtAmF97
z_hIs86Z?roKLTb6d<nis5<&cor2mrDTT1dbLVT~|on*e6QGjnx)V(KUa6&PotxM0D
zy~drb@2Bp`!X~3G@`ssDDk~~0_$@x<;{9nKFTRn2=l&VA+bDG>r}-5Mo}Zs5eatpA
zInwkTeD$Za2H|?BVJEffdS>ct;DuWNFJ3rS?M*1Bfq(eJUy-N9-@f^AdSmLCNcwti
z<{=IEm%lvm2Lb&4``?nvo1s=a`TMJBvNyNUgX33ksPJZIFG|~T65vhuG~=6#Z@-;e
zuL=LNoh$2Y+X%va6@SG>4xFQvB2iaDzz<HM9!L`iN%K&kg+Y-ki48?EJfsNdkMB3T
zyboJ$6`?@5fMIFR*_qjIzFE>f`HJSo@ak9F+qx4kCyvCCe#ib~mzV4u0!G2|<m!Oi
zhn6AR7z)m-Pk1vN^v7y{&{v<S<E(Y9hkUOe($-;4(5hroFihv#J9$J!7s5P=SqL)E
z`_oxpRaN?FZXVE2tx|ZP8|1hS7l)Y}8<%xI26PNou5G(}`s7q_PwOfqX_MySc}mZ+
zy2+O4X$gs`Bp+Ds$5M;3_PNJ;pIMjOsu4QKb?)zMIjAqi1c~^$_IODviw0RZ2>I3n
z+V}@XSzoO4$HaCh2wTn%KrQA09x#LXgvRYTi+~ORViMrSfmTcgP;tG`avj}1Fwb{)
zmWkR={2)TTzH=>;t+~T}ojNgST>zbkUiyx+(1N;>P~mzY7zn_ICp8j3pE7S~^VYhy
zvhRYpq$8*fgqGSX6|$#Nb9zcsDxK?yFdaujNc|Q_<eJ1!;Afo$_qSF!-+JL;5o;%4
z2Rd-F<vsTID=AP`zSJG;KF=?nEk%_g&&>ssUj?2k#RF6w1JUkJa+GYT*lL;Wg{5?#
zv#q;B1EhX`{Z_0DJ5yvku)XU%g4wu;PTa&adyDuP^RQptfu2}w9~%GxA9DB}5e@FW
zw-8iGlQcT^0uEn#Gynak`MaABzg@q3HNWZ#)tgqJFKtebAkp&*y6Y<2UBN!`IptI8
z^0c6wK4h|-zld=r&d3b#dv`1M_Zaqr<8B4RO*itS68wvNq+4Ax5$0AlB=ILvHE}c{
z#L9;_P_B%|$9Q4qXRQ4O7Rc|l?tP8By2g)o6$zh`DP2(X{Un$rCtoHZ6T?bf(&>g3
zwbXKq3@i2m#R(P#Hn)m7a<YRQO&*qb@S~DG!I<UJf3pNH`-x^d{<hKfXf1gV6xu}n
zVA+EF1a`CsX$Gl_+w7R?qBs!YCW|-^3*vNBi{`+mK+p-DGIqY8y^|fFNI0&CjrI(i
z>rUiRGkrwjgrq2ORS4sOHGwDw5=eO%Le!ucJqmMnved7B<FBYAChSF?+-&I_7NEDm
zcatGy{H-cRBnl?CQ}j<O%9#UPqUYBJOC@!eIwF*`rQtcP*}7%~{OsATZbF{*4UnGu
zF<Z%XLSS3+Y6k-vGRd(>+BlJw>^mD>f5)PTlT*pPB1aEH?jVHrgH0~$$|X&+$>g>n
z!s>-OjILI)YEsQEn+`(F@WAjb4@5za9AhKn1|(%f=GVT+uLw%m;+NO#kB1NBd1>&r
z*8myzfcl6aWo)2t_WhS;{}tJDV{3a|eOxJd_E%ZsxWE4ytFzH;JRQ*epE{aN+xy>h
zlv|MPWNV1`zoyOae~yNuoc%}Q{qM=7z5hK&`LCD07nHG4D&dMtDAy0!#}6-ibMhj(
zT3GAm8o%ITJk9!u<SZ<@g|bAREy;SoV&|iV8@htH;<`2+YwAkl&$ZzT?Zuc0`X|~}
zQ*Aoa46ZFlnlaG0-Xi|LDK+%x<ZIju|5elvN5jdm#s71ZJLvC8*0>Y@)mdi$p?v>;
z+`j*RmhwNqe@tNqF7x^4$nufPnxVVnzO5gw%)Oy9E6A3JkUJZzbwB(P(v@SJf8v{>
zP+ui>-Io0yUBu;l<k)=2?cgiD0dm~?ANl|PppIJnKTj#zKfbm&u^-&u{v)Cbt^LnX
z>g_LXt4_9t<bSi{?XM07<I#6a6*p&=V})QPrxhtH-?;tT(w4Tgr7hoP`3Fs%95Vn=
F002DRBr5;_

literal 4923
zcmV-B6U6KviwFP!000001ME6!v!hma{@VNs-0sPY&Ai9HC?30l5St_r0<^$ns*4@O
zDprBx{~o07cI+N|x{|aznW{cj?_I<>+;i^P?}ecC;4gk>KxUvx@-fcv{`j~?35>!}
z6sIWc3j{@Q9Qy(!e{aF=&^4`7gWwl+S+@U(?nC&0QV3@IKl?%GbXoh_o!9uf3F<!a
zg68A#xEq)vi2sKD35v$Q0FjR;!f(T8`@>BW|E@XU5&!gu;vXk)97i#Pn(dFG82LH=
zKLxzA|NQqlE}Qms-8iq)V0^AR_ha$+K>VW!O}%G-@;-cy|4#t3-JfQYgX|1TT%8;a
z9X*V{|6H+qc6q-Y?N>`fTVAsW*+v8|pSNV<<EwBK`k~G7^lB8mwUm*q6epe8ACU{8
zlhFQ{Sy606mX;c!x$X>3vD1r3bBm>PggJk`P-0h*chPPgr+RuT3@*{V4&$&6Rw%Do
zK}U&J7q<(&J+-%E-%*EVJTmA&_*-4>HY~fo$lhq|rSp#CXxi`VT0C+5d2?KAJ%U_z
zmmRj*al?kWb!HV8*ooNd6C%WrxFs*ESP!luX0~!6tkEP!E;$dcr7OAg{6_7g4(9Qw
z+qkHV8N0o^LpK+Bcdmm?&u;u{LBPRMU-vyFHCzhEc~bhD<5di+v|Adgx;rd%NjgRh
zgpp`+^wjcFJ7aguT1d((v{|h^eoXkW_gj2gIJ`OOu45kYr73bjAu7XkIN@WExh^&t
z8)c&HAn<$NEL}M}HPJB?pipa(9fdB}h$oozez|iO<W1*$o>_bAoQ}(2zkwR^dJ~|G
zb8kT;ZxW7NG3%9^8<$ghg+tuy^Am$u7h9`uDT3VWa>%SrdW<{V<y%H_x7+d3n0WIY
zc=!K*bFwNaf~Poe{48i1;Q!itKg0hP{x1IqK1P!0;$8zj7LP~%|NFfEQ~jrK{Js27
zP#E$#|9=X2y2FweWfk0MylNN{sOj>NHF<EuTMsPY;>*k}9<`yi&uQyl9`%7;ie&HR
zhx;Y(=8MkWv+v+uH&|u3|8FM`i(2~x>_^o++;(>&Zn-B{aW75`i(A@J!ca!%EWd9i
z%BtCVb#rxJf%attdBJ^-b)p!R8eI6R37n&!&-y=|6u1k`<z2S)lu(FnmqRTlomT8F
zd^)I}R4pKN*GAElv_0Vy0=i0fBI9bq%8wR@&^_Pyb&Ns4q*Y17HJZ>0$V76<io6kb
z`2=a*ySUC;r`zD1$ZUIxGwY-`_F0|S{deC157qMO>bKSYN$mfR;{RjyfFIib&Efuj
z|3{$2=lK5=aPR-#n*7lNa&LOT%wEZ;YVzd$o-F*j^Z%Off9@0hx!||<e;<>_2kJkG
zkl6e6pFrr(@&75{cdY-*>{0*yN2T@(K#d=$VSe~dXz}cDxC~BZsT{FWM`47l!XI!Z
zcA2f+lAE-;iL9Y=H^Qn@8uev}55g1>?2{}XN^wQ<1v0v6bP;VC-wpj<N5i3*_nPwQ
zW~|CpV%fZ{*ho~S=WQFcbwBNjEemHlG=+d?K_gmwN0;uht&)YRx04LS*d`InS)-(+
z=@OlysDp5qqHb9f3u9)O^g@-Va%z)H)NsAx0x4zLi>%{$Z?Uw(IDxEzIGnF>o6^Sm
zX82a=%VeyLI@RsZlDl$=ZGTgVZIUkxHNB+b)EeaotTGBu>VYeq3excCV7N3C(`=;?
zc6pVI%!v!i-bROuX=d6%zoC|<wViKe=anN<SW{=V8^!>6^<8#6FO@P@YTWf1_!RRD
za>7#79}c&usBRZUL4}qnsuQ+okmRC3*tsZN{6LB0`dG`t`38i=MEk3*-5b8NJU|F*
z=5XL0^zBXK&Yay5j+AnJy>l8ptoAu`E;+7@x;@P8F)}UDYSZHj9N3asuZl8eQjD#t
z%E?jIC$17Kx5aMTaEXm0Q_}o`zPC$>svQPMGEqf~e|Z)G+?`EavWg%x;`OxJcdLsR
z&pX#O?y0bRf;r3$jB4ZQ5r5e?fw&=ei?gA{Qb8_H$Al9$%Lvke^+L%>S-$0lIyGB_
z_s`54nLS8o4iUu?xu}b#=*ye6Fw)l6p_!=~2aP<04UUW2oF#DK1kpfcOzZP>Ud2eu
zCq&7zxe`z7HS2qXyzN^I>KfaUb+0<45NsL>rO;MMY}tAe$z3jnwi_=c4cMO~!s>Hn
zCkRyO+B+oi4#jCB89U2l(x6U-8#Z7NM>A%?5mkS<*fP0n=)+Zs$e<;z3|nDWAiOLH
zfzKhh42F#fiOwcQs#9r0xj_i>oLfzl_x#gpqTS-OJ`Py2YwHbpI^jg%6sJMS26H0=
z=4OH6p@x>arV4GPo;^Xa)|6*WD^+*HHFa!zSCz|2YcrC>7U(W+lA|*&kIb25Abd~P
z2fhIG;i$DNPxg2r@CIWJ*^s-P7?W&GO?l0qsl&P#C^ovv+f*A;wX-*>W7G@SA0gYF
z^h8ae9uQ5_6!HsqjIR1gr2WRg2fu0h&F-cJkDQ{+`Q_mj?8(PZL>fv&haFOkS>>VQ
z-OdZTg@Ez8cEp9VfdYFJM-HDjn?LkN^*qI>Xsk9%K^?{ZWKnFFY8SoniR6+`5y^=c
z5h>$aT3#8o0q7iWbFuJlt0_R~KnVF8a@lvCYWXrcM(GmoSW3g1GYQ*dP-KGYP?_sB
z1-YxPG=*&V$%$iN$7qXjoKj_joO?tb5Mj5?Yh%L-D2kR^E6aS_FBNh->^xJ_u3Lr}
zG3J^~%w<W)K9pK}Kb`;vFXSRWZcFBjUR^V|*prr@IqGoG5-vwZVt?7&+lz?}+naPg
z%LO88nvx{pNkDF4x=4`VfExhJcZADIL#=4aFrWj@uaKpEGzCiAwD{Fewni%-D@BW7
zU!(RNz9qZ3kBsvQ=lueX_wFXL4d7O!r#-YYRcu1Aj3|>%+;)*J*aM@>mUyY{1?i#E
zxVUuFvXT^4o^#rHvPG7Qq3|puz0putKvZMO=7$x(Y__ZXusx4xW4rKvaNuyVFOw~!
z%Q~VDJ+hAiE41m=`iwz+c3G_|2#-R;zB>ibqd|T;Rv~I(G{59!#4!>?CRR7u8>eDp
zVyQ2Y8sWI1chj|yyN;ZD#9TNodWxb15uH3jRe=>Po*}HDO1PdFf4ewbAPL7j+$gc0
zS4`1Z7^|Zw^(1QTuRS6X)YXwnMq?WLS}gI=I_;9w2i6DMg-$ouATb(KD^Yd=$}2m&
zT$#Hp>Dq0aug#=GmfK?-aYUZ$NMr_SX-2wS=JsN7k(f3BSPkiOU$iQcfL&TzTuYWX
zF5%ehorq<qrN3rx+bY_5nUZ$pqrmQ0i(WGKr%k-5YjrTCoB%|l*oP61*Uiyg=G^Xh
zP*qfc_W{&eat+;}6I9Lf$cij$%LR>{`2Z!h<d)Z?c7KW?_PoB31VFpaIV9PeEa&A!
zUxy&TcZN!;-Ly)={3xM=g*SF%i8O;!C^E(ec{kCACA?l#y(=SoX1rK6PzV{lfJT*t
zt+<pAB-=Osez&D`T4I7T>BDQ%R4vIdcdi=_TN7iM)OPpRwZh*U3ZF_?^;Q9}%3ACe
zQ|g*cvwj>Q$nGamQ1wAlz55CFTs0KV+38*C=tY*0RSmltA&_FUK*gy%G3N`61CfqS
z!noiUmz2-1R&b`>eM92cWdNx#l~?_unm9ft1J^%>Rb|<;hXzw>H@XtVi|8h;t3p!%
z$%m&Z8Jwvy3u(XFl-9Lu$f03avzP|PBpYu<<vP?{P<>zUdCIaFHq^w4%TF?Ux~|SP
zbCH2+jjv@kI?MEdVrqD;&mE1ipv~j8*-#6tb)=A9R=VZ%e6(m9#oua-dLFZkkw{ms
z=EjH;4mhwM`Sre_LVOM1yRD@@y4V8Qi$ddxS!Ww)X`h7D6_1lQ{Qo(Q_za&I?)$&2
z^qlP3|J~jJKi>a-@cRz}qX~?}vB&#giX=Y2|NRv3bNjzLu6e$z<RdQj1NNs$ntadx
z1W9~8|NA8H)t9iF6mSy*z*itwR%4w+aSLJyhJjD_0sk|YJ6>KTGv3fv=cjGr1w|7)
z$$n6@Ntgunzk-Tv0>F{i4SA=2_Y!%gUf!qE13#$)uLYadFS{0W3LgyWx~v<pEkUm=
znlcMOrvYp4`Qd}0Uj_|Wlr5N*(M&$JaZ*G;a0@&T{T}v%9)9-}_Wi%005Fq9K@C1N
zE%@pO<g2f~fqw*FvX8?@aGMm}4SeU*;QiaCrmdX{>|ec=6m-Y8Yn#Q*(^*&$Zu1I$
zp2=o~lzmn?ZT#J<KY?K~iw@`WdK~a6cW!=AwJ|trs2!^S^ueb)A^68{;OB4tIRB`-
zng3Jy79E05g_8&1H_uL$&XYdR4)+{Q;L~GWGuH?9habUz{}%j@hrr+y3VwappcG^k
zSkHPZ^ZOdYvId9BdEInXl_j22ywPdX#Nhp_t)K>K@9FLLTl1a3uZswL1oJ%EY`&oF
zDo_pDp{!FdDcYc(cS}J7Bq8`$@F@gezWU+qqJM;c$>(|2d-xLk+qYmF2L<rrR~3Jn
zy<uj1XA+j(EZCPXffw_dLC5#slN)%E6tiGiHmj3DkPmZ)?}_S{m|r6Vf~*NXEZ*J4
zeiAWEfV&311b-$HLHt6b|I*c4Ns2d0{2Ah%X1=<!0N;L5_cJAfGmAUhrV6}!)cAMr
z`w2aJ*zDA0@o>}GWM%C{zqJmv{Q0zx2j6HR@c#_DU6T28(EN%7&(F`ZJ?=g<2hw~W
zeD$ZS0pVtBU@vo;=Dw(}ffs%Wym;X`O)#^Z3IFhizameIzkT!L{KSlyMf&<a+(}yS
zFMoOBcLMnR_rIl;H>6HC$NQ^!vNu1I$BJLQks`PUds(@TmjZ9l^NepUzWw$-2JL^g
zZ*4tl8&SBg_*YCxwN29EfXzZ;X&-W{Qnis#s=T#Y4fbHBH6F(o2>(9cnK9Ua*^5fh
zM)8r*vU5Fi=A7?*GdA;+&lt@8q<OYg#N%>09TIo+JN6H|xM1f{u*jw-HwWB4m%gcE
z5X5Urcr)nRL&xsh&NF9N)rLG5E56>=4r+=XYGxF}a4K4w5Y<fx^9*Jo$vn45W7}~Y
z`W&zB)2GoWBI7<eZY*>#3xBRy_hUw3FjG;aR`e}Cz&)>Pk*3EiSB|syEUUX&5<M*;
zHLcAT*86R*#tKuBu-+%uCAT^X9ppOqceWbT@8tx8__g|SN?B!tDjnovkpOMdHKS8s
zY4gX#b|?wU_*bA7O8^fTA$UUlR)Q5khYUFha1+BS0RyP0B$q1Y(V8WxTFL;W|B1Cu
z^?a#hz(Ns=lv5)Ht81Xs*^4g)%O%XUNfjyq!9W7`6JwF``BZRCi<e<zp{+n%wmql}
zgqG?L3QS9@A$s<Pv^p;f!gPd&*7`k=NCm`C;AfqQNEb4HyGZi&q_j@P))a82<^$IE
zCmGNbzTz=fU*{Lkrn<;7anqnqO=qj4^$KLhr;(uNb1>$W9$5E&#LQqi8(6#HcQ_*!
zc7KXwRa2FFUU`n*XPyeSP)k%`%^zOA*E7RQC@-$rO2t28(}m7$BET>!N$id#uojPD
zWmfKP1bBf5#$tthh~QXBq-5F$>RtMffF~}NJG*9{UOpw;Jl$Eejk#p}FY(Zgi!vXq
zUoDK@kFl$8=Y{6ITLqsSP=Z~S(mkAWqs)yQ$)M84gv8vm60;QQz-T5%-^DjO?=bft
zuxx#;O>c4B*0g-!YZ*`_{H&8milB-?P6*G4L4Xj$j0yVp{7CS)NT`~=g4~0+Zw!Yu
zCdlj{Gnol?k>@Z#cHBpI#_UwblV)?iriK`>S0u)CdtR{v4@WGy>9UUz4N*u46^Lky
zP}_oicAG9(FKq;LU3WBDZ|b%wWLvUOL4hdkMT!T|C%gt4iL}h9wMGEnsW@!l!$JW9
zM{8RiwhTk8dN<z#An=>c2Sv>DT*QERJDb-|1~p=jGyhFp^seueq4!}SJ3RQY3#-%Y
z4-MTjKa~lR882dgZqNyuG9sK|s?Pv~L~Qc=8}|24bYh_pXde9y0EzubZ4745VQ==!
z=i~mXPk2XbAHtRDp4WVpIrJsZt-t>mI%9V{9QDy|;JD*ad;fP1xdAm!Hiv%yXLS7i
zKX>5P_TSa-|6X3U_kZV*|9k28h!{JOL8UJtRGPDof4%CxB`>0*WypgNf8b(b%le5x
zOeEbxNPW&Sv@Bz#^HIe$9YL=I_eMj{nR(*5H+bQ_7&6URblq&^jmDlYys7K?eNXU*
zfTrJ`G*F9^&v7sOcThfX2bY5u|IZ<}P|K6daV!2i<7)p0=Kb&X`OkUe0pLG|h%&`e
z@u`q0&WS;;mLiS#`YKrY4wG3mMS*jvKMU>rb52)I<=GDZSr)amO4of5%=+69eK}ji
zkywf-`$}&B-0k^){rCTl+v5LuWOx6|D}fXH!TtB&CA!e={~4rt|MgAK$>uQpZ+!Rt
tcl!OI`vY_It(1&q4pwqnl`8qp_rH}^T4|+~R$BS~<O>TcL^=Ra000nD&d~q>

diff --git a/overlay/etc/local.d/headless.start b/overlay/etc/local.d/headless.start
index e7c783e..aea263e 100755
--- a/overlay/etc/local.d/headless.start
+++ b/overlay/etc/local.d/headless.start
@@ -94,10 +94,6 @@ cat <<-EOF >> /etc/ssh/sshd_config
 	Banner /tmp/.trash/banner
 	EOF
 
-cat <<-EOF >> /etc/conf.d/sshd
-	sshd_disable_keygen=yes
-	EOF
-
 # banner file
 cat <<-EOF > /tmp/.trash/banner
 
@@ -107,6 +103,7 @@ cat <<-EOF > /tmp/.trash/banner
 
 # bundled temporary keys are moved in RAM /tmp so they won't be stored
 # within permanent config later (new ones will then be generated)
+KEYGEN_STANCE="sshd_disable_keygen=yes"
 mv /etc/ssh/ssh_host_*_key* /tmp/.trash/.
 # inject optional custom keys (those might be stored)
 if ! install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/; then
@@ -115,8 +112,18 @@ if ! install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/; then
 		HostKey /tmp/.trash/ssh_host_ed25519_key
 		HostKey /tmp/.trash/ssh_host_rsa_key
 		EOF
+else
+	# look for empty key within injected ones: generate new keys if found
+	if find /etc/ssh/ -maxdepth 1 -type f -name 'ssh_host_*_key*' -empty | grep -q .; then
+		rm /etc/ssh/ssh_host_*_key*
+		KEYGEN_STANCE=""
+		logger -st ${0##*/} "Will generate new SSH keys..."
+	else
+		logger -st ${0##*/} "Using injected SSH keys..."
+	fi
 fi
 
+echo "$KEYGEN_STANCE" >> /etc/conf.d/sshd
 rc-service sshd start
 
 ## Prep for final post-cleanup