util-linux inclusion in pkgs.proxmox-ve paths somehow breaks tailscale ssh

[Patricol]

I wish I were nix-savvy enough to know exactly why this is happening. Tailscale's SSH feature intercepts SSH connections on port 22 (when those connections arrive via Tailscale's network) and sends them to its own binary. I've had trouble getting it to work on my proxmox-nixos hypervisors.

After bisecting my entire nix configuration, I narrowed the setting that breaks Tailscale SSH first to services.proxmox-ve.enable = true;; then to the environment.systemPackages = [ cfg.package ]; line in this repo's modules/proxmox-ve/default.nix; then to this line.

When that one line is commented out, Tailscale SSH always works. When it is not commented out, Tailscale SSH always fails.

Please let me know if you have any intuition as to why.

I see that util-linux was added in support of the toggle-able linstor functionality. If we can't figure out why exactly this is breaking; maybe we can move util-linux into the conditionally-included list? (like this)

[Zocker1999NET]

To me it seams that Tailscale’s SSH functionality depends on certain binaries being available in the system environment. I conclude this because the package you mentioned subsequently adds util-linux to the path of the system environment.
So I assume (but have no time to test it for you) that Tailscale SSH also break with just setting environment.systemPackages = [ pkgs.util-linux ]; in your case.

Because you did not mention how Tailscale SSH breaks (e.g. error logs), it could theoretically also be an issue with the SSH session handling (e.g. opening your default shell, loading .profile ...), which is expected to rely on the system environment. But any internal behavior of Tailscale installed from nixpkgs should IMO not depend on any packages existing (or not existing) in the system environment, so you might give it a shot by reporting this upstream to nixpkgs (esp. if my example above without Proxmox also fails).