commit 73bde868f5f8d72f018de56ec64ef6ab20b00ac4 parent 8269a29818e3871392d09c0a32bbc52d3fec1c4b Author: Vincent Demeester <vincent@sbr.pm> Date: Thu, 2 Sep 2021 15:18:41 +0200 users/root: add authorizedKeys Signed-off-by: Vincent Demeester <vincent@sbr.pm> Diffstat:
M | users/root/default.nix | | | 15 | ++++++++++++++- |
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/users/root/default.nix b/users/root/default.nix
@@ -1,8 +1,21 @@
 { config, lib, pkgs, ... }:
-with lib; {
+let
+ inherit (lib) lists attrsets mkIf optionals versionOlder;
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ isAuthorized = p: builtins.isAttrs p && p.authorized or false;
+ authorizedKeys = lists.optionals secretCondition (
+ attrsets.mapAttrsToList
+ (name: value: value.key)
+ (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
+ );
+in
+{
 users.users.root = {
 shell = mkIf config.programs.zsh.enable pkgs.zsh;
+ openssh.authorizedKeys.keys = authorizedKeys;
 };
 home-manager.users.root = lib.mkMerge (
 [
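Review bot: `authorizedKeys` falls back to an empty list when `../../secrets/machines.nix` is absent (`lists.optionals secretCondition`), so a host built from a checkout without the secrets file gets a root account with no SSH keys and nothing in the evaluation output says so. Consider surfacing that at evaluation time, for example `warnings = lists.optional (!secretCondition) "users/root: secrets/machines.nix missing, root has no authorized SSH keys";` in the module body. Separately, every entry under `ssh` marked `authorized = true` becomes a direct root login key on each machine that imports this module; if that flag is also used for unprivileged accounts (not visible here), a dedicated root-only flag would keep the grant narrower, and a comment above `isAuthorized` should state the intent either way. The module's attribute set continues past the end of the hunk.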