diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 15:25:35 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 16:16:53 +0200 |
| commit | 877f7bf7a17f44bd17dd1f0bbfd88abdab67ad72 (patch) | |
| tree | c47e5037b7071696a9abfbab2c99281885ce36b5 /systems/dilion | |
| parent | ccae7987be59b8a30e98f0429bd78479f6f7c7bc (diff) | |
| download | Nix-877f7bf7a17f44bd17dd1f0bbfd88abdab67ad72.tar.gz Nix-877f7bf7a17f44bd17dd1f0bbfd88abdab67ad72.tar.zst Nix-877f7bf7a17f44bd17dd1f0bbfd88abdab67ad72.zip | |
Hardcode ssh keys for normal login
Diffstat (limited to 'systems/dilion')
| -rw-r--r-- | systems/dilion/base.nix | 2 | ||||
| -rw-r--r-- | systems/dilion/flake.lock | 4 | ||||
| -rw-r--r-- | systems/dilion/ssh_ldap_regular.sh | 19 |
3 files changed, 2 insertions, 23 deletions
diff --git a/systems/dilion/base.nix b/systems/dilion/base.nix index c2778e3..9eb176c 100644 --- a/systems/dilion/base.nix +++ b/systems/dilion/base.nix | |||
| @@ -69,8 +69,6 @@ | |||
| 69 | ]; | 69 | ]; |
| 70 | }; | 70 | }; |
| 71 | 71 | ||
| 72 | myServices.ssh.modules.regular.snippet = builtins.readFile ./ssh_ldap_regular.sh; | ||
| 73 | |||
| 74 | imports = [ | 72 | imports = [ |
| 75 | secrets.nixosModules.users-config-dilion | 73 | secrets.nixosModules.users-config-dilion |
| 76 | ./monitoring.nix | 74 | ./monitoring.nix |
diff --git a/systems/dilion/flake.lock b/systems/dilion/flake.lock index 8accc4e..7301a99 100644 --- a/systems/dilion/flake.lock +++ b/systems/dilion/flake.lock | |||
| @@ -605,7 +605,7 @@ | |||
| 605 | }, | 605 | }, |
| 606 | "locked": { | 606 | "locked": { |
| 607 | "lastModified": 1, | 607 | "lastModified": 1, |
| 608 | "narHash": "sha256-Xr6wtT00fyC0QhwHb6+nHcwlSPlHBShzPNZFxBaC83Y=", | 608 | "narHash": "sha256-NufDaV9j3eKqlJNs09lqytKDTuwjh4Wh78mOEyID05w=", |
| 609 | "path": "../../flakes/private/ssh", | 609 | "path": "../../flakes/private/ssh", |
| 610 | "type": "path" | 610 | "type": "path" |
| 611 | }, | 611 | }, |
| @@ -640,7 +640,7 @@ | |||
| 640 | }, | 640 | }, |
| 641 | "locked": { | 641 | "locked": { |
| 642 | "lastModified": 1, | 642 | "lastModified": 1, |
| 643 | "narHash": "sha256-gxXgjqYGC3Nv6g42OOdU1d+HideZ4vXBZbbpBjlKsvg=", | 643 | "narHash": "sha256-V/T6CB1328uHUHNof3OFeqrDH8C73Dw8hVhpVvjq684=", |
| 644 | "path": "../../flakes/private/system", | 644 | "path": "../../flakes/private/system", |
| 645 | "type": "path" | 645 | "type": "path" |
| 646 | }, | 646 | }, |
diff --git a/systems/dilion/ssh_ldap_regular.sh b/systems/dilion/ssh_ldap_regular.sh deleted file mode 100644 index 4c2f47e..0000000 --- a/systems/dilion/ssh_ldap_regular.sh +++ /dev/null | |||
| @@ -1,19 +0,0 @@ | |||
| 1 | ### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh | ||
| 2 | LDAP_MEMBER="cn=users,cn=ssh,ou=services,dc=immae,dc=eu" | ||
| 3 | |||
| 4 | ldap_search '(&(memberOf='$LDAP_MEMBER')('$KEY'=*)(uid='$user'))' $KEY | \ | ||
| 5 | while read line ; | ||
| 6 | do | ||
| 7 | if [ ! -z "$line" ]; then | ||
| 8 | if [[ $line == dn* ]]; then | ||
| 9 | user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line") | ||
| 10 | elif [[ $line == $KEY* ]]; then | ||
| 11 | key=$(clean_key_line ssh "$line") | ||
| 12 | if [ ! -z "$key" ]; then | ||
| 13 | if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then | ||
| 14 | echo $key | ||
| 15 | fi | ||
| 16 | fi | ||
| 17 | fi | ||
| 18 | fi | ||
| 19 | done | ||