services: openssh: Extensions provide extra authorized keys.
* gnu/services/ssh.scm (extend-openssh-authorized-keys): New procedure.
(openssh-service-type)[compose, extend]: New fields.
* doc/guix.texi (Networking Services): Document the extension.
parent
4892eb7c6a
commit
1398a43816
|
@ -10210,6 +10210,15 @@ shell daemon, @command{sshd}. Its value must be an
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
See below for details about @code{openssh-configuration}.
|
See below for details about @code{openssh-configuration}.
|
||||||
|
|
||||||
|
This service can be extended with extra authorized keys, as in this
|
||||||
|
example:
|
||||||
|
|
||||||
|
@example
|
||||||
|
(service-extension openssh-service-type
|
||||||
|
(const `(("charlie"
|
||||||
|
,(local-file "charlie.pub")))))
|
||||||
|
@end example
|
||||||
@end deffn
|
@end deffn
|
||||||
|
|
||||||
@deftp {Data Type} openssh-configuration
|
@deftp {Data Type} openssh-configuration
|
||||||
|
@ -10303,6 +10312,9 @@ keys. For example:
|
||||||
registers the specified public keys for user accounts @code{rekado},
|
registers the specified public keys for user accounts @code{rekado},
|
||||||
@code{chris}, and @code{root}.
|
@code{chris}, and @code{root}.
|
||||||
|
|
||||||
|
Additional authorized keys can be specified @i{via}
|
||||||
|
@code{service-extension}.
|
||||||
|
|
||||||
Note that this does @emph{not} interfere with the use of
|
Note that this does @emph{not} interfere with the use of
|
||||||
@file{~/.ssh/authorized_keys}.
|
@file{~/.ssh/authorized_keys}.
|
||||||
@end table
|
@end table
|
||||||
|
|
|
@ -29,6 +29,7 @@
|
||||||
#:use-module (guix gexp)
|
#:use-module (guix gexp)
|
||||||
#:use-module (guix records)
|
#:use-module (guix records)
|
||||||
#:use-module (guix modules)
|
#:use-module (guix modules)
|
||||||
|
#:use-module (srfi srfi-1)
|
||||||
#:use-module (srfi srfi-26)
|
#:use-module (srfi srfi-26)
|
||||||
#:use-module (ice-9 match)
|
#:use-module (ice-9 match)
|
||||||
#:export (lsh-configuration
|
#:export (lsh-configuration
|
||||||
|
@ -450,6 +451,13 @@ of user-name/file-like tuples."
|
||||||
#:allow-empty-passwords?
|
#:allow-empty-passwords?
|
||||||
(openssh-configuration-allow-empty-passwords? config))))
|
(openssh-configuration-allow-empty-passwords? config))))
|
||||||
|
|
||||||
|
(define (extend-openssh-authorized-keys config keys)
|
||||||
|
"Extend CONFIG with the extra authorized keys listed in KEYS."
|
||||||
|
(openssh-configuration
|
||||||
|
(inherit config)
|
||||||
|
(authorized-keys
|
||||||
|
(append (openssh-authorized-keys config) keys))))
|
||||||
|
|
||||||
(define openssh-service-type
|
(define openssh-service-type
|
||||||
(service-type (name 'openssh)
|
(service-type (name 'openssh)
|
||||||
(extensions
|
(extensions
|
||||||
|
@ -461,6 +469,8 @@ of user-name/file-like tuples."
|
||||||
openssh-activation)
|
openssh-activation)
|
||||||
(service-extension account-service-type
|
(service-extension account-service-type
|
||||||
(const %openssh-accounts))))
|
(const %openssh-accounts))))
|
||||||
|
(compose concatenate)
|
||||||
|
(extend extend-openssh-authorized-keys)
|
||||||
(default-value (openssh-configuration))))
|
(default-value (openssh-configuration))))
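Review bot: `extend-openssh-authorized-keys` merges with a plain `append`, so a user named both in the `openssh-configuration` and in an extension ends up with two separate entries in `authorized-keys` instead of one entry holding all of that user's keys. The code that turns this list into the authorized-keys directory is outside the hunks shown; if it writes one file per user name, the later entry would presumably replace the earlier one, so which keys can actually log in would no longer match what either declaration says. Merging the entries per user before building the record avoids that, and the docstring should state the expected shape of KEYS (an alist of user name and file-like objects) and that same-user entries are combined. Because any service can now grant SSH access to any account through this extension point, root included, the merged result is what an administrator needs to audit, which is another reason to keep it to one entry per user.

```scheme
(define (extend-openssh-authorized-keys config keys)
  "Extend CONFIG with the extra authorized keys listed in KEYS, an alist of
user names and file-like objects.  Entries naming the same user are merged."
  (define (merge-entry entry result)
    ;; Fold ENTRY into RESULT, appending to an existing entry for that user.
    (match entry
      ((user . files)
       (match (assoc user result)
         (#f (cons entry result))
         ((_ . existing)
          (alist-cons user (append existing files)
                      (alist-delete user result)))))))

  (openssh-configuration
   (inherit config)
   (authorized-keys
    (fold merge-entry '()
          (append (openssh-authorized-keys config) keys)))))
```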
|
||||||
|
|
||||||
|
|
||||||
|
|