guest: allow external configuration of authorized ssh keys
This commit is contained in:
parent
68cda2006b
commit
038d252f7d
|
@ -9,6 +9,15 @@ in
|
|||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
sane.guest.authorizedKeys = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
list of "<key-type> <pubkey> <hostname>" keys.
|
||||
e.g.
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX colin@desko
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
@ -21,9 +30,7 @@ in
|
|||
group = "users";
|
||||
initialPassword = lib.mkDefault "";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [
|
||||
# TODO: insert pubkeys that should be allowed in
|
||||
];
|
||||
openssh.authorizedKeys.keys = cfg.authorizedKeys;
|
||||
};
|
||||
|
||||
sane.persist.sys.plaintext = lib.mkIf cfg.enable [
|
||||
|
|
Loading…
Reference in New Issue
Block a user