authorFlorian Dold <florian.dold@gmail.com>2018-11-26 18:46:46 +0100
committerFlorian Dold <florian.dold@gmail.com>2018-11-26 18:46:46 +0100
commit510c28c0a7d668f7704abcb1c9de876a93461cdf (patch)
treef54fd0efb382be1fcd52c25cab52c66fadc889ba
parent7b193eac859181c52eaa3eaa40bc8d6a59b7b637 (diff)
compose authorized_keys
-rw-r--r--guix/config.scm29
1 files changed, 27 insertions, 2 deletions
diff --git a/guix/config.scm b/guix/config.scm
index 0604843..a532b32 100644
--- a/guix/config.scm
+++ b/guix/config.scm
@@ -1,5 +1,6 @@
-(use-modules
+(use-modules
(srfi srfi-1)
+ (ice-9 binary-ports)
(gnu)
(guix)
(guix gexp))
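Review bot: The `(ice-9 binary-ports)` import added here is only in scope for the host-side configuration code, while the procedures it provides are called inside the `#~(begin …)` builder of `concat-local-files` later in this commit. Build-side code runs in a separate Guile process, so the builder presumably needs its own `(use-modules (ice-9 binary-ports))` as the first form inside the gexp. If nothing at top level uses the module, this line can then be dropped again.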
@@ -51,6 +52,23 @@
(copy-file #$(local-file "etc/nginx/sites-enabled/default.site")
"sites-enabled/default.site")))))
+(define (concat-local-files outname files)
+ (gexp->derivation
+ outname
+ #~(begin
+ (define (concat-ports pi po)
+ (unless (port-eof? pi)
+ (let ((chunk (get-bytvector-some pi)))
+ (put-bytevector po chunk)
+ (concat-ports pi po))))
+ (define (concat-to-output src)
+ (call-with-output-file #$output
+ (lambda (po)
+ (call-with-input-file src
+ (lambda (pi)
+ (concat-ports pi po))))))
+ (for-each concat-to-output files))))
+
;; this includes defaults, so 'fastcgi' related files:
(define %nginx-mime-types
(simple-service 'nginx-mime.types
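Review bot: `concat-to-output` reopens `#$output` with `call-with-output-file` once per source file, and each open truncates what was written before, so the derivation would hold only the last key instead of all four. Two further problems sit in the same builder: `get-bytvector-some` looks like a typo for `get-bytevector-some`, and `files` is used inside `#~` without `#$`, so it is presumably unbound on the build side (plain path strings would also not be readable in the build; file-like objects such as `local-file` are needed). The sketch below opens the output once and appends each source in turn, assuming the caller passes file-like objects. It would also be worth a one-line comment above the definition saying the result is meant to be a single authorized_keys file and that each input must end in a newline.

```scheme
(define (concat-local-files outname files)
  ;; … unchanged: gexp->derivation outname …
   #~(begin
       ;; Open the output once; reopening it per source truncates it.
       (call-with-output-file #$output
         (lambda (po)
           (for-each
            (lambda (src)
              (call-with-input-file src
                (lambda (pi)
                  (let ((data (get-bytevector-all pi)))
                    ;; An empty file yields the EOF object, not a bytevector.
                    (unless (eof-object? data)
                      (put-bytevector po data))))))
            (list #$@files)))))))
```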
@@ -178,7 +196,14 @@
(x11-forwarding? #t)
(port-number 22)
(password-authentication? #f)
- (permit-root-login 'without-password)))
+ (permit-root-login 'without-password)
+ (authorized-keys
+ `(("root" ,(concat-local-files
+ "root.pub"
+ '("keys/ssh/grothoff.pub"
+ "keys/ssh/ng0.pub"
+ "keys/ssh/dold.pub"
+ "keys/ssh/stanisci.pub")))))))
;; (service rottlog-service-type (rottlog-configuration))
;; (service mcron-service-type
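Review bot: The `authorized-keys` entry for "root" is given the result of `concat-local-files`, which wraps `gexp->derivation` and therefore presumably yields a monadic value rather than the file-like object this field expects. The field already accepts several file-like objects per user, so the helper can be avoided entirely with `("root" ,(local-file "keys/ssh/grothoff.pub") ,(local-file "keys/ssh/ng0.pub") …)`. That form also removes the risk that a key file lacking a trailing newline is glued onto the next key, which would silently leave the root key set different from the intended four. Since these files decide who can log in as root, a short comment above the list naming the owner of each key, and noting that changes under `keys/ssh/` need the same review as the sshd settings, would help.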