Diffstat (limited to 'nixops/modules/ssh/default.nix')
-rw-r--r--nixops/modules/ssh/default.nix20
1 files changed, 14 insertions, 6 deletions
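--- a/nixops/modules/ssh/default.nix
+++ b/nixops/modules/ssh/default.nix
@@ -8,17 +8,25 @@
 AuthorizedKeysCommandUser nobody
 '';
 
+deployment.keys = {
+ssh-ldap = {
+user = "nobody";
+group = "nobody";
+permissions = "0400";
+text = myconfig.env.sshd.ldap.password;
+};
+};
+system.activationScripts.sshd = ''
+install -Dm400 -o nobody -g nobody -T /run/keys/ssh-ldap /etc/ssh/ldap_password
+'';
+# ssh is strict about parent directory having correct rights, don't
+# move it in the nix store.
 environment.etc."ssh/ldap_authorized_keys" = let
 ldap_authorized_keys =
 mylibs.wrap {
 name = "ldap_authorized_keys";
 file = ./ldap_authorized_keys.sh;
-vars = {
-LDAP_PASS = myconfig.env.sshd.ldap.password;
-GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
-ECHO = "${pkgs.coreutils}/bin/echo";
-};
-paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
+paths = [ pkgs.which pkgs.gitolite pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
 };
 in {
 enable = true;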
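Review bot: The LDAP bind password that `deployment.keys.ssh-ldap` and the `install -Dm400 -o nobody -g nobody` line make readable by `nobody` is exposed to every other process that runs as that shared unprivileged account, not only to the AuthorizedKeysCommand; a dedicated account would keep the secret to its one consumer, e.g. `users.users.ssh-ldap = { isSystemUser = true; group = "ssh-ldap"; };` together with `user = "ssh-ldap"; group = "ssh-ldap";` on the key and `AuthorizedKeysCommandUser ssh-ldap` in the sshd config (that directive is in the context above this hunk). On stock NixOS the `nobody` user's primary group is `nogroup`, so `group = "nobody"` and `-g nobody` presumably fail unless a `nobody` group is defined elsewhere in this configuration — worth confirming on the target. Note also that the copy into `/etc/ssh/ldap_password` puts the secret on the persistent root filesystem, whereas `/run/keys` is meant to hold it only in memory; a one-line comment stating that this persistence is intended (so the command still works after a reboot before NixOps re-sends keys) would make the trade-off explicit. The enclosing module attribute set starts and ends outside the hunk.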