+ deployment.keys = {
+ ssh-ldap = {
+ user = "nobody";
+ group = "nobody";
+ permissions = "0400";
+ text = myconfig.env.sshd.ldap.password;
+ };
+ };
+ system.activationScripts.sshd = ''
+ install -Dm400 -o nobody -g nobody -T /run/keys/ssh-ldap /etc/ssh/ldap_password
+ '';
+ # ssh is strict about parent directory having correct rights, don't
+ # move it in the nix store.