
commit 73bde868f5f8d72f018de56ec64ef6ab20b00ac4
parent 8269a29818e3871392d09c0a32bbc52d3fec1c4b
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Thu,  2 Sep 2021 15:18:41 +0200

users/root: add authorizedKeys

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Musers/root/default.nix | 15++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/users/root/default.nix b/users/root/default.nix
@@ -1,8 +1,21 @@
 { config, lib, pkgs, ... }:
-with lib; {
+let
+ inherit (lib) lists attrsets mkIf optionals versionOlder;
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ isAuthorized = p: builtins.isAttrs p && p.authorized or false;
+ authorizedKeys = lists.optionals secretCondition (
+ attrsets.mapAttrsToList
+ (name: value: value.key)
+ (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
+ );
+in
+{
 users.users.root = {
 shell = mkIf config.programs.zsh.enable pkgs.zsh;
+ openssh.authorizedKeys.keys = authorizedKeys;
 };
 home-manager.users.root = lib.mkMerge (
 [
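Review bot: The `authorizedKeys` binding gives root SSH login to every entry of `(import secretPath).ssh` flagged `authorized`, on every host that imports this module, and nothing in the hunk documents that or scopes it per machine. With NixOS's default root-login policy (`prohibit-password`, assuming this configuration does not override it) those keys are usable as soon as sshd is enabled. I would add a comment above the binding such as `# root SSH access: every secrets.ssh entry with authorized = true, on all hosts importing this module` and confirm the same key set is intended everywhere. When `secrets/machines.nix` is absent the list silently evaluates to `[]`, which fails closed but can leave a freshly built host with no root key, so that belongs in the same comment. Separately, `optionals` is inherited but the hunk only calls `lists.optionals`, so it looks unused unless the rest of the file, which continues past the hunk, needs it.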