mySecrets.keys = [{
dest = "ssh-ldap";
user = "nobody";
- group = "nobody";
+ group = "nogroup";
permissions = "0400";
text = myconfig.env.sshd.ldap.password;
}];
system.activationScripts.sshd = ''
- install -Dm400 -o nobody -g nobody -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
+ install -Dm400 -o nobody -g nogroup -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
'';
# ssh is strict about parent directory having correct rights, don't
# move it in the nix store.