author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-22 20:55:28 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-22 20:55:28 +0200 |
commit | 8d213e2b1c934f6861f76aad5eb7c11097fa97de (patch) | |
tree | 23f8a2d5692deaeffffa1ab5f098b2d24b9e2217 /nixops/modules/ssh/default.nix | |
parent | a1a8649a2be768685eb04c246c114fce36b8096f (diff) | |
Move rest of the modules outside of nixops
Diffstat (limited to 'nixops/modules/ssh/default.nix')
-rw-r--r-- | nixops/modules/ssh/default.nix | 40 |
1 files changed, 0 insertions, 40 deletions
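--- a/nixops/modules/ssh/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-{
-config = {
-networking.firewall.allowedTCPPorts = [ 22 ];
-
-services.openssh.extraConfig = ''
-AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys
-AuthorizedKeysCommandUser nobody
-'';
-
-secrets.keys = [{
-dest = "ssh-ldap";
-user = "nobody";
-group = "nogroup";
-permissions = "0400";
-text = myconfig.env.sshd.ldap.password;
-}];
-system.activationScripts.sshd = {
-deps = [ "secrets" ];
-text = ''
-install -Dm400 -o nobody -g nogroup -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
-'';
-};
-# ssh is strict about parent directory having correct rights, don't
-# move it in the nix store.
-environment.etc."ssh/ldap_authorized_keys" = let
-ldap_authorized_keys =
-pkgs.mylibs.wrap {
-name = "ldap_authorized_keys";
-file = ./ldap_authorized_keys.sh;
-paths = [ pkgs.which pkgs.gitolite pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
-};
-in {
-enable = true;
-mode = "0755";
-user = "root";
-source = ldap_authorized_keys;
-};
-};
-}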