projects / perso / Immae / Config / Nix.git / blame
| Commit | Line | Data |
|---|---|---|
| 7e6f1fb4 IB |
1 | { lib, pkgs, config, mylibs, myconfig, ... }: |
| 2 | { | |
| 3 | config = { | |
| 4 | networking.firewall.allowedTCPPorts = [ 22 ]; | |
| 5 | ||
| 6 | services.openssh.extraConfig = '' | |
| 7 | AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys | |
| 8 | AuthorizedKeysCommandUser nobody | |
| 9 | ''; | |
| 10 | ||
| 11 | environment.etc."ssh/ldap_authorized_keys" = let | |
| 12 | ldap_authorized_keys = | |
| 13 | mylibs.wrap { | |
| 14 | name = "ldap_authorized_keys"; | |
| 15 | file = ./ldap_authorized_keys.sh; | |
| 16 | vars = { | |
| 17 | LDAP_PASS = myconfig.env.sshd.ldap.password; | |
| 18 | GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell"; | |
| 19 | ECHO = "${pkgs.coreutils}/bin/echo"; | |
| 20 | }; | |
| 21 | paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ]; | |
| 22 | }; | |
| 23 | in { | |
| 24 | enable = true; | |
| 25 | mode = "0755"; | |
| 26 | user = "root"; | |
| 27 | source = ldap_authorized_keys; | |
| 28 | }; | |
| 29 | }; | |
| 30 | } |