diff options
author | Ludovic Courtès <ludo@gnu.org> | 2017-07-30 16:03:43 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2017-07-30 16:23:19 +0200 |
commit | 1398a43816011c435fb6723154dbf1d3414b5b3d (patch) | |
tree | 8d620776214b52974d7d172644d8bbdd8d48245a | |
parent | 4892eb7c6a21416f3a18e18ca17984e2b66050ad (diff) | |
download | patches-1398a43816011c435fb6723154dbf1d3414b5b3d.tar patches-1398a43816011c435fb6723154dbf1d3414b5b3d.tar.gz |
services: openssh: Extensions provide extra authorized keys.
* gnu/services/ssh.scm (extend-openssh-authorized-keys): New procedure.
(openssh-service-type)[compose, extend]: New fields.
* doc/guix.texi (Networking Services): Document the extension.
-rw-r--r-- | doc/guix.texi | 12 | ||||
-rw-r--r-- | gnu/services/ssh.scm | 10 |
2 files changed, 22 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 962bdc17f9..6b4b19d0cf 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -10210,6 +10210,15 @@ shell daemon, @command{sshd}. Its value must be an @end example See below for details about @code{openssh-configuration}. + +This service can be extended with extra authorized keys, as in this +example: + +@example +(service-extension openssh-service-type + (const `(("charlie" + ,(local-file "charlie.pub"))))) +@end example @end deffn @deftp {Data Type} openssh-configuration @@ -10303,6 +10312,9 @@ keys. For example: registers the specified public keys for user accounts @code{rekado}, @code{chris}, and @code{root}. +Additional authorized keys can be specified @i{via} +@code{service-extension}. + Note that this does @emph{not} interfere with the use of @file{~/.ssh/authorized_keys}. @end table diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 08635af16d..697bb1b82e 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -29,6 +29,7 @@ #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix modules) + #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) #:export (lsh-configuration @@ -450,6 +451,13 @@ of user-name/file-like tuples." #:allow-empty-passwords? (openssh-configuration-allow-empty-passwords? config)))) +(define (extend-openssh-authorized-keys config keys) + "Extend CONFIG with the extra authorized keys listed in KEYS." + (openssh-configuration + (inherit config) + (authorized-keys + (append (openssh-authorized-keys config) keys)))) + (define openssh-service-type (service-type (name 'openssh) (extensions @@ -461,6 +469,8 @@ of user-name/file-like tuples." openssh-activation) (service-extension account-service-type (const %openssh-accounts)))) + (compose concatenate) + (extend extend-openssh-authorized-keys) (default-value (openssh-configuration)))) |