X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fssh%2Fdefault.nix;h=ee5dda5c4eb32072ca03ca1df421dd918c223777;hb=fa25ffd4583cc362075cd5e1b4130f33306103f0;hp=1699104a370f914a8885374dfff39983b3a1a4a4;hpb=ab8f306d7c2c49b8116e1af7b355ed2384617ed9;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/ssh/default.nix b/modules/private/ssh/default.nix
index 1699104..ee5dda5 100644
--- a/modules/private/ssh/default.nix
+++ b/modules/private/ssh/default.nix
@@ -51,17 +51,16 @@ in
 AuthorizedKeysCommandUser nobody
 '';
- secrets.keys = [{
- dest = "ssh-ldap";
+ secrets.keys."ssh-ldap" = {
 user = "nobody";
 group = "nogroup";
 permissions = "0400";
 text = config.myEnv.sshd.ldap.password;
- }];
+ };
 system.activationScripts.sshd = {
 deps = [ "secrets" ];
 text = ''
- install -Dm400 -o nobody -g nogroup -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
+ install -Dm400 -o nobody -g nogroup -T ${config.secrets.fullPaths."ssh-ldap"} /etc/ssh/ldap_password
 '';
 };
 # ssh is strict about parent directory having correct rights, don't
@@ -77,12 +76,11 @@ in
 substituteAll ${./ldap_authorized_keys.sh} $out
 chmod a+x $out
 '';
- ldap_authorized_keys =
- pkgs.mylibs.wrap {
- name = "ldap_authorized_keys";
- file = fullScript;
- paths = deps;
- };
+ ldap_authorized_keys = pkgs.runCommand "ldap_authorized_keys" {
+ buildInputs = [ pkgs.makeWrapper ];
+ } ''
+ makeWrapper "${fullScript}" "$out" --prefix PATH : ${lib.makeBinPath deps}
+ '';
 in {
 enable = true;
 mode = "0755";
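Review bot: The rewritten `install` line still copies the LDAP bind password to `/etc/ssh/ldap_password` owned by `nobody`, the same shared account named in `AuthorizedKeysCommandUser nobody` at the top of the hunk, so any other process that runs as `nobody` on this host can read the credential. sshd_config(5) recommends a dedicated user with no other role for the authorized-keys command; using one account (placeholder `<keys-command-user>`) for `secrets.keys."ssh-ldap".user`, the `-o` argument and `AuthorizedKeysCommandUser` would confine the password to that command. Since the secret is already declared with `user = "nobody"` and `permissions = "0400"`, the copy looks redundant if the script can read `${config.secrets.fullPaths."ssh-ldap"}` directly, which would leave one copy of the password on disk instead of two. The enclosing module block starts and ends outside the hunk.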
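Review bot: `--prefix PATH : ${lib.makeBinPath deps}` in the new `makeWrapper` call puts `deps` first but keeps the caller's PATH behind it, so a command the script invokes that is missing from `deps` is still resolved from the inherited environment. For a script that sshd runs to decide which keys are accepted, pinning the search path is the safer choice: `makeWrapper "${fullScript}" "$out" --set PATH ${lib.makeBinPath deps}`. That also makes an incomplete `deps` list fail on first use instead of silently depending on the host. As a smaller style point, `pkgs.makeWrapper` is a build-time tool and would conventionally sit in `nativeBuildInputs`; the enclosing `let` block starts outside the hunk.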