aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-07-30 16:03:43 +0200
committerLudovic Courtès <ludo@gnu.org>2017-07-30 16:23:19 +0200
commit1398a43816011c435fb6723154dbf1d3414b5b3d (patch)
tree8d620776214b52974d7d172644d8bbdd8d48245a
parent4892eb7c6a21416f3a18e18ca17984e2b66050ad (diff)
downloadpatches-1398a43816011c435fb6723154dbf1d3414b5b3d.tar
patches-1398a43816011c435fb6723154dbf1d3414b5b3d.tar.gz
services: openssh: Extensions provide extra authorized keys.
* gnu/services/ssh.scm (extend-openssh-authorized-keys): New procedure. (openssh-service-type)[compose, extend]: New fields. * doc/guix.texi (Networking Services): Document the extension.
-rw-r--r--doc/guix.texi12
-rw-r--r--gnu/services/ssh.scm10
2 files changed, 22 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 962bdc17f9..6b4b19d0cf 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10210,6 +10210,15 @@ shell daemon, @command{sshd}. Its value must be an
@end example
See below for details about @code{openssh-configuration}.
+
+This service can be extended with extra authorized keys, as in this
+example:
+
+@example
+(service-extension openssh-service-type
+ (const `(("charlie"
+ ,(local-file "charlie.pub")))))
+@end example
@end deffn
@deftp {Data Type} openssh-configuration
@@ -10303,6 +10312,9 @@ keys. For example:
registers the specified public keys for user accounts @code{rekado},
@code{chris}, and @code{root}.
+Additional authorized keys can be specified @i{via}
+@code{service-extension}.
+
Note that this does @emph{not} interfere with the use of
@file{~/.ssh/authorized_keys}.
@end table
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 08635af16d..697bb1b82e 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -29,6 +29,7 @@
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix modules)
+ #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:export (lsh-configuration
@@ -450,6 +451,13 @@ of user-name/file-like tuples."
#:allow-empty-passwords?
(openssh-configuration-allow-empty-passwords? config))))
+(define (extend-openssh-authorized-keys config keys)
+ "Extend CONFIG with the extra authorized keys listed in KEYS."
+ (openssh-configuration
+ (inherit config)
+ (authorized-keys
+ (append (openssh-authorized-keys config) keys))))
+
(define openssh-service-type
(service-type (name 'openssh)
(extensions
@@ -461,6 +469,8 @@ of user-name/file-like tuples."
openssh-activation)
(service-extension account-service-type
(const %openssh-accounts))))
+ (compose concatenate)
+ (extend extend-openssh-authorized-keys)
(default-value (openssh-configuration))))