04/04: services: openssh: Extensions provide extra authorized keys.
From: Ludovic Courtès
Subject: 04/04: services: openssh: Extensions provide extra authorized keys.
Date: Sun, 30 Jul 2017 10:23:26 -0400 (EDT)
civodul pushed a commit to branch master
in repository guix.
commit 1398a43816011c435fb6723154dbf1d3414b5b3d
Author: Ludovic Courtès <address@hidden>
Date: Sun Jul 30 16:03:43 2017 +0200
services: openssh: Extensions provide extra authorized keys.
* gnu/services/ssh.scm (extend-openssh-authorized-keys): New procedure.
(openssh-service-type)[compose, extend]: New fields.
* doc/guix.texi (Networking Services): Document the extension.
---
doc/guix.texi | 12 ++++++++++++
gnu/services/ssh.scm | 10 ++++++++++
2 files changed, 22 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 962bdc1..6b4b19d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10210,6 +10210,15 @@ shell daemon, @command{sshd}. Its value must be an
@end example
See below for details about @code{openssh-configuration}.
+
+This service can be extended with extra authorized keys, as in this
+example:
+
address@hidden
+(service-extension openssh-service-type
+ (const `(("charlie"
+ ,(local-file "charlie.pub")))))
address@hidden example
@end deffn
@deftp {Data Type} openssh-configuration
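Review bot: The new paragraph starting "This service can be extended with extra authorized keys" gives only the call and never states what value the extension must return. Suggest adding a sentence saying the value is a list of user-name/key-file tuples in the same form as the authorized-keys field of openssh-configuration, and that each listed account (here "charlie") can then log in over SSH with that key, so a reader sees that an extension grants access.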
@@ -10303,6 +10312,9 @@ keys. For example:
registers the specified public keys for user accounts @code{rekado},
@code{chris}, and @code{root}.
+Additional authorized keys can be specified @i{via}
address@hidden
+
Note that this does @emph{not} interfere with the use of
@file{~/.ssh/authorized_keys}.
@end table
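Review bot: The added sentence "Additional authorized keys can be specified @i{via} ..." now sits directly before "Note that this does @emph{not} interfere with the use of @file{~/.ssh/authorized_keys}", which makes "this" ambiguous: it can be read as referring to service extensions rather than to the authorized-keys field. Suggest moving the new sentence after the note, or rewording the note to name the field explicitly.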
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 08635af..697bb1b 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -29,6 +29,7 @@
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix modules)
+ #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:export (lsh-configuration
@@ -450,6 +451,13 @@ of user-name/file-like tuples."
#:allow-empty-passwords?
(openssh-configuration-allow-empty-passwords? config))))
+(define (extend-openssh-authorized-keys config keys)
+ "Extend CONFIG with the extra authorized keys listed in KEYS."
+ (openssh-configuration
+ (inherit config)
+ (authorized-keys
+ (append (openssh-authorized-keys config) keys))))
+
(define openssh-service-type
(service-type (name 'openssh)
(extensions
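Review bot: In extend-openssh-authorized-keys, "(append (openssh-authorized-keys config) keys)" concatenates without merging entries per user, so a user name that appears both in CONFIG and in KEYS ends up listed twice. What the consumer of this list does with a repeated user name is not visible in this hunk; if it writes one file per user, one set of keys could silently replace the other. Suggest merging the key lists of entries that share a user name, or stating in the docstring what happens on a duplicate. The docstring could also say that KEYS is a list of user-name/file-like tuples.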
@@ -461,6 +469,8 @@ of user-name/file-like tuples."
openssh-activation)
(service-extension account-service-type
(const %openssh-accounts))))
+ (compose concatenate)
+ (extend extend-openssh-authorized-keys)
(default-value (openssh-configuration))))
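Review bot: With "(compose concatenate)" and "(extend extend-openssh-authorized-keys)", every service that extends openssh-service-type can add login keys for any account name it chooses, and nothing in these lines restricts or reports which accounts are affected. The documentation above lists root among the accounts that can receive keys, so this is a path to granting root SSH access from a service definition outside the openssh-configuration record. Suggest documenting that property next to the new fields, and considering a way for an administrator to see or limit which accounts extensions contribute keys for.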