1 files changed, 2 insertions, 31 deletions
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 752ef0a..9d32bb3 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -6,7 +6,6 @@
  };
  eldiron = { config, pkgs, mylibs, myconfig, ... }:
-    with mylibs;
  {
    _module.args = {
      pkgsNext = import <nixpkgsNext> {};
@@ -25,6 +24,7 @@
    };
    imports = [
+      ./modules/ssh
      ./modules/certificates.nix
      ./modules/gitolite
      ./modules/databases
@@ -52,12 +52,7 @@
      MaxLevelStore="warning"
      MaxRetentionSec="1year"
      '';
-    networking = {
+    networking.firewall.enable = true;
-      firewall = {
-        enable = true;
-        allowedTCPPorts = [ 22 ];
-      };
-    };
    deployment = {
      targetEnv = "hetzner";
@@ -85,30 +80,6 @@
      pkgs.vim
    ];
-    services.openssh.extraConfig = ''
-      AuthorizedKeysCommand     /etc/ssh/ldap_authorized_keys
-      AuthorizedKeysCommandUser nobody
-      '';
-    environment.etc."ssh/ldap_authorized_keys" = let
-      ldap_authorized_keys =
-        wrap {
-          name = "ldap_authorized_keys";
-          file = ./ldap_authorized_keys.sh;
-          vars = {
-            LDAP_PASS = myconfig.env.sshd.ldap.password;
-            GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
-            ECHO = "${pkgs.coreutils}/bin/echo";
-          };
-          paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
-        };
-    in {
-      enable = true;
-      mode = "0755";
-      user = "root";
-      source = ldap_authorized_keys;
-    };
    services.cron = {
      enable = true;
      systemCronJobs = [

diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix index 752ef0a..9d32bb3 100644 --- a/nixops/eldiron.nix +++ b/nixops/eldiron.nix
@@ -6,7 +6,6 @@
6	};	6	};
7		7
8	eldiron = { config, pkgs, mylibs, myconfig, ... }:	8	eldiron = { config, pkgs, mylibs, myconfig, ... }:
9	with mylibs;
10	{	9	{
11	_module.args = {	10	_module.args = {
12	pkgsNext = import <nixpkgsNext> {};	11	pkgsNext = import <nixpkgsNext> {};
@@ -25,6 +24,7 @@
25	};	24	};
26		25
27	imports = [	26	imports = [
		27	./modules/ssh
28	./modules/certificates.nix	28	./modules/certificates.nix
29	./modules/gitolite	29	./modules/gitolite
30	./modules/databases	30	./modules/databases
@@ -52,12 +52,7 @@
52	MaxLevelStore="warning"	52	MaxLevelStore="warning"
53	MaxRetentionSec="1year"	53	MaxRetentionSec="1year"
54	'';	54	'';
55	networking = {	55	networking.firewall.enable = true;
56	firewall = {
57	enable = true;
58	allowedTCPPorts = [ 22 ];
59	};
60	};
61		56
62	deployment = {	57	deployment = {
63	targetEnv = "hetzner";	58	targetEnv = "hetzner";
@@ -85,30 +80,6 @@
85	pkgs.vim	80	pkgs.vim
86	];	81	];
87		82
88	services.openssh.extraConfig = ''
89	AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys
90	AuthorizedKeysCommandUser nobody
91	'';
92
93	environment.etc."ssh/ldap_authorized_keys" = let
94	ldap_authorized_keys =
95	wrap {
96	name = "ldap_authorized_keys";
97	file = ./ldap_authorized_keys.sh;
98	vars = {
99	LDAP_PASS = myconfig.env.sshd.ldap.password;
100	GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
101	ECHO = "${pkgs.coreutils}/bin/echo";
102	};
103	paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
104	};
105	in {
106	enable = true;
107	mode = "0755";
108	user = "root";
109	source = ldap_authorized_keys;
110	};
111
112	services.cron = {	83	services.cron = {
113	enable = true;	84	enable = true;
114	systemCronJobs = [	85	systemCronJobs = [