T769 has drawn attention to a much larger issue than its own scope. It would be reasonable to expect that if configuration for some service is not present in the VyOS config, a config file for the target application should not be present in the system either. In reality, it's not the case.
Most scripts remove configuration files when their node is deleted from the VyOS config. However, there's no mechanism that would remove those files if configuration was not deleted from the config, but has gone from it, typically because the user forgot to save the config before rebooting.
Simplest reproducing procedure:
- set service ssh
- commit
- exit
- reboot
- After reboot, /etc/ssh/sshd_config is there
If a service is configured to start on boot (in most cases it shouldn't, but as T769 showed, it does happen), it may cause unconfigured services come back from the dead.
Since config scripts that delete unneeded files cannot run unless triggered by actual deletion, the only way to fix this is to identify all files managed by VyOS and run a script that removes them at boot time, before config is loaded.