Commit 73bde868f5f8

Vincent Demeester <vincent@sbr.pm>
2021-09-02 15:18:41
users/root: add authorizedKeys
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 8269a29
Changed files (1)
users
users/root/default.nix
@@ -1,8 +1,21 @@
 { config, lib, pkgs, ... }:
 
-with lib; {
+let
+  inherit (lib) lists attrsets mkIf optionals versionOlder;
+  secretPath = ../../secrets/machines.nix;
+  secretCondition = (builtins.pathExists secretPath);
+
+  isAuthorized = p: builtins.isAttrs p && p.authorized or false;
+  authorizedKeys = lists.optionals secretCondition (
+    attrsets.mapAttrsToList
+      (name: value: value.key)
+      (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
+  );
+in
+{
   users.users.root = {
     shell = mkIf config.programs.zsh.enable pkgs.zsh;
+    openssh.authorizedKeys.keys = authorizedKeys;
   };
   home-manager.users.root = lib.mkMerge (
     [
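Review bot: When `secrets/machines.nix` is absent, `lists.optionals secretCondition (...)` quietly yields an empty list, so root's `openssh.authorizedKeys.keys` evaluates to `[]` with no build-time signal that the host was deployed without the intended keys. Surfacing that state would help, for example `warnings = lib.optional (!secretCondition) "users/root: secrets/machines.nix missing, root gets no authorized SSH keys";` next to `users.users.root`. The filter also makes every `ssh` entry marked `authorized = true` a root login key on each host importing this module, which deserves a comment above `authorizedKeys` such as `# every ssh entry with authorized = true in secrets/machines.nix can log in as root`; whether root SSH login is actually permitted depends on sshd settings not visible here. By contrast, an authorized entry lacking `key`, or a secrets file lacking `ssh`, aborts evaluation, which is the safer failure mode. The attribute set opened after `in` continues past the end of the hunk.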