X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fssh%2Fdefault.nix;h=beedaff594fd46550e857699f79da676af12d426;hb=a1a8649a2be768685eb04c246c114fce36b8096f;hp=ece4b9ff7518293967ca713d31953dba0c45c244;hpb=742697c95318d3625298437995e948ee00a00ba5;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/ssh/default.nix b/nixops/modules/ssh/default.nix
index ece4b9f..beedaff 100644
--- a/nixops/modules/ssh/default.nix
+++ b/nixops/modules/ssh/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, mylibs, myconfig, ... }:
+{ lib, pkgs, config, myconfig, ... }:
 {
 config = {
 networking.firewall.allowedTCPPorts = [ 22 ];
@@ -8,21 +8,24 @@
 AuthorizedKeysCommandUser nobody
 '';
- mySecrets.keys = [{
+ secrets.keys = [{
 dest = "ssh-ldap";
 user = "nobody";
- group = "nobody";
+ group = "nogroup";
 permissions = "0400";
 text = myconfig.env.sshd.ldap.password;
 }];
- system.activationScripts.sshd = ''
- install -Dm400 -o nobody -g nobody -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
+ system.activationScripts.sshd = {
+ deps = [ "secrets" ];
+ text = ''
+ install -Dm400 -o nobody -g nogroup -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
 '';
+ };
 # ssh is strict about parent directory having correct rights, don't
 # move it in the nix store.
 environment.etc."ssh/ldap_authorized_keys" = let
 ldap_authorized_keys =
- mylibs.wrap {
+ pkgs.mylibs.wrap {
 name = "ldap_authorized_keys";
 file = ./ldap_authorized_keys.sh;
 paths = [ pkgs.which pkgs.gitolite pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];