author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-03 10:21:20 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-03 10:28:10 +0200 |
commit | 7e6f1fb434797b4ffaf7eefa4a69825ce884fd20 (patch) | |
tree | 893278685ae318b918efbe474bd470a79df5d5af /nixops/modules/ssh/default.nix | |
parent | 33aa7e5c92daffce2f09639eb57cb995754fbd6b (diff) | |
Move ssh to its own module
Diffstat (limited to 'nixops/modules/ssh/default.nix')
-rw-r--r-- | nixops/modules/ssh/default.nix | 30 |
1 files changed, 30 insertions, 0 deletions
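--- /dev/null
+++ b/nixops/modules/ssh/default.nix
@@ -0,0 +1,30 @@
+{ lib, pkgs, config, mylibs, myconfig, ... }:
+{
+  config = {
+    networking.firewall.allowedTCPPorts = [ 22 ];
+
+    services.openssh.extraConfig = ''
+      AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys
+      AuthorizedKeysCommandUser nobody
+    '';
+
+    environment.etc."ssh/ldap_authorized_keys" = let
+      ldap_authorized_keys =
+        mylibs.wrap {
+          name = "ldap_authorized_keys";
+          file = ./ldap_authorized_keys.sh;
+          vars = {
+            LDAP_PASS = myconfig.env.sshd.ldap.password;
+            GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
+            ECHO = "${pkgs.coreutils}/bin/echo";
+          };
+          paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
+        };
+    in {
+      enable = true;
+      mode = "0755";
+      user = "root";
+      source = ldap_authorized_keys;
+    };
+  };
+}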
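Review bot: The LDAP bind password is handed to `mylibs.wrap` as `LDAP_PASS` and the resulting script is installed at `/etc/ssh/ldap_authorized_keys` with `mode = "0755"`, so if the wrapper bakes its `vars` into the script text (the wrapped derivation would also sit in the world-readable Nix store) every local user can read the credential; `mylibs.wrap` is not shown here, so confirm how it injects variables. The `AuthorizedKeysCommandUser nobody` line means sshd runs the command as `nobody`, so the file must be readable by that shared account in any case, which rules out simply tightening the mode. A safer shape is to drop `LDAP_PASS` from `vars` and have `ldap_authorized_keys.sh` read the password at runtime from a root-owned file readable only by a dedicated user named in `AuthorizedKeysCommandUser` (e.g. a constructed `sshd-ldap` account with the file at 0440 root:sshd-ldap), keeping the secret out of the store and out of reach of other `nobody` processes. Note that sshd itself requires the command to be root-owned and not group/world writable, which `user = "root"` with 0755 already satisfies; the concern is the embedded secret, not the script mode. A one-line comment above the `vars` block stating where the password ends up would help the next maintainer, e.g. `# LDAP_PASS is substituted into the script at build time — keep this out of the store`.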