colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

guest: allow external configuration of authorized ssh keys

Browse Source
This commit is contained in:
Colin
2023-06-28 03:53:19 +00:00
parent 68cda2006b
commit 038d252f7d
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/common/users/guest.nix
View File

@@ -9,6 +9,15 @@ in
default = false; default = false;
type = types.bool; type = types.bool;
}; };
sane.guest.authorizedKeys = mkOption {
default = [];
type = types.listOf types.str;
description = ''
list of "<key-type> <pubkey> <hostname>" keys.
e.g.
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX colin@desko
'';
};
}; };
config = { config = {
@@ -21,9 +30,7 @@ in
group = "users"; group = "users";
initialPassword = lib.mkDefault ""; initialPassword = lib.mkDefault "";
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = cfg.authorizedKeys;
# TODO: insert pubkeys that should be allowed in
];
}; };
sane.persist.sys.plaintext = lib.mkIf cfg.enable [ sane.persist.sys.plaintext = lib.mkIf cfg.enable [