Move ssh ftp and mpd to new secrets

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 02:18:59 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 02:18:59 +0200
commit: 742697c95318d3625298437995e948ee00a00ba5 (patch)
tree: 322bba0294512d71011efa15b84ef0c2134900a3 /nixops/modules/ssh/default.nix
parent: ccdd91a78b1a6ae757db20d757ba8674dd25e0cc (diff)
download: Nix-742697c95318d3625298437995e948ee00a00ba5.tar.gz
Nix-742697c95318d3625298437995e948ee00a00ba5.tar.zst
Nix-742697c95318d3625298437995e948ee00a00ba5.zip
1 files changed, 8 insertions, 9 deletions
diff --git a/nixops/modules/ssh/default.nix b/nixops/modules/ssh/default.nix
index 924f86e..ece4b9f 100644
--- a/nixops/modules/ssh/default.nix
+++ b/nixops/modules/ssh/default.nix
@@ -8,16 +8,15 @@
      AuthorizedKeysCommandUser nobody
      '';
-    deployment.keys = {
+    mySecrets.keys = [{
-      ssh-ldap = {
+      dest = "ssh-ldap";
-        user = "nobody";
+      user = "nobody";
-        group = "nobody";
+      group = "nobody";
-        permissions = "0400";
+      permissions = "0400";
-        text = myconfig.env.sshd.ldap.password;
+      text = myconfig.env.sshd.ldap.password;
-      };
+    }];
-    };
    system.activationScripts.sshd = ''
-      install -Dm400 -o nobody -g nobody -T /run/keys/ssh-ldap /etc/ssh/ldap_password
+      install -Dm400 -o nobody -g nobody -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
      '';
    # ssh is strict about parent directory having correct rights, don't
    # move it in the nix store.
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 02:18:59 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 02:18:59 +0200
commit	742697c95318d3625298437995e948ee00a00ba5 (patch)
tree	322bba0294512d71011efa15b84ef0c2134900a3 /nixops/modules/ssh/default.nix
parent	ccdd91a78b1a6ae757db20d757ba8674dd25e0cc (diff)
download	Nix-742697c95318d3625298437995e948ee00a00ba5.tar.gz Nix-742697c95318d3625298437995e948ee00a00ba5.tar.zst Nix-742697c95318d3625298437995e948ee00a00ba5.zip

diff --git a/nixops/modules/ssh/default.nix b/nixops/modules/ssh/default.nix index 924f86e..ece4b9f 100644 --- a/nixops/modules/ssh/default.nix +++ b/nixops/modules/ssh/default.nix
@@ -8,16 +8,15 @@
8	AuthorizedKeysCommandUser nobody	8	AuthorizedKeysCommandUser nobody
9	'';	9	'';
10		10
11	deployment.keys = {	11	mySecrets.keys = [{
12	ssh-ldap = {	12	dest = "ssh-ldap";
13	user = "nobody";	13	user = "nobody";
14	group = "nobody";	14	group = "nobody";
15	permissions = "0400";	15	permissions = "0400";
16	text = myconfig.env.sshd.ldap.password;	16	text = myconfig.env.sshd.ldap.password;
17	};	17	}];
18	};
19	system.activationScripts.sshd = ''	18	system.activationScripts.sshd = ''
20	install -Dm400 -o nobody -g nobody -T /run/keys/ssh-ldap /etc/ssh/ldap_password	19	install -Dm400 -o nobody -g nobody -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
21	'';	20	'';
22	# ssh is strict about parent directory having correct rights, don't	21	# ssh is strict about parent directory having correct rights, don't
23	# move it in the nix store.	22	# move it in the nix store.