Move secrets to flakes

[perso/Immae/Config/Nix.git] / modules / private / ssh / default.nix

diff --git a/modules/private/ssh/default.nix b/modules/private/ssh/default.nix
index d4c1ab3ffac3b8c462b4ca5139d40c8c351555dc..ca9b6fc34d525fb3258788a107c60c729cb9ed3a 100644 (file)
--- a/modules/private/ssh/default.nix
+++ b/modules/private/ssh/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
   cfg = config.myServices.ssh;
 in
@@ -56,12 +56,12 @@ in
       user = "nobody";
       group = "nogroup";
       permissions = "0400";
-      text = myconfig.env.sshd.ldap.password;
+      text = config.myEnv.sshd.ldap.password;
     }];
     system.activationScripts.sshd = {
       deps = [ "secrets" ];
       text = ''
-      install -Dm400 -o nobody -g nogroup -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
+      install -Dm400 -o nobody -g nogroup -T ${config.secrets.fullPaths."ssh-ldap"} /etc/ssh/ldap_password
       '';
     };
     # ssh is strict about parent directory having correct rights, don't
@@ -77,12 +77,11 @@ in
         substituteAll ${./ldap_authorized_keys.sh} $out
         chmod a+x $out
         '';
-      ldap_authorized_keys =
-        pkgs.mylibs.wrap {
-          name = "ldap_authorized_keys";
-          file = fullScript;
-          paths = deps;
-        };
+      ldap_authorized_keys = pkgs.runCommand "ldap_authorized_keys" {
+        buildInputs = [ pkgs.makeWrapper ];
+      } ''
+        makeWrapper "${fullScript}" "$out" --prefix PATH : ${lib.makeBinPath deps}
+        '';
     in {
       enable = true;
       mode = "0755";