diff options
author | Florian Dold <florian.dold@gmail.com> | 2018-11-26 18:46:46 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2018-11-26 18:46:46 +0100 |
commit | 510c28c0a7d668f7704abcb1c9de876a93461cdf (patch) | |
tree | f54fd0efb382be1fcd52c25cab52c66fadc889ba /guix/config.scm | |
parent | 7b193eac859181c52eaa3eaa40bc8d6a59b7b637 (diff) | |
download | deployment-510c28c0a7d668f7704abcb1c9de876a93461cdf.tar.gz deployment-510c28c0a7d668f7704abcb1c9de876a93461cdf.tar.bz2 deployment-510c28c0a7d668f7704abcb1c9de876a93461cdf.zip |
compose authorized_keys
Diffstat (limited to 'guix/config.scm')
-rw-r--r-- | guix/config.scm | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/guix/config.scm b/guix/config.scm index 0604843..a532b32 100644 --- a/guix/config.scm +++ b/guix/config.scm @@ -1,5 +1,6 @@ -(use-modules +(use-modules (srfi srfi-1) + (ice-9 binary-ports) (gnu) (guix) (guix gexp)) @@ -51,6 +52,23 @@ (copy-file #$(local-file "etc/nginx/sites-enabled/default.site") "sites-enabled/default.site"))))) +(define (concat-local-files outname files) + (gexp->derivation + outname + #~(begin + (define (concat-ports pi po) + (unless (port-eof? pi) + (let ((chunk (get-bytvector-some pi))) + (put-bytevector po chunk) + (concat-ports pi po)))) + (define (concat-to-output src) + (call-with-output-file #$output + (lambda (po) + (call-with-input-file src + (lambda (pi) + (concat-ports pi po)))))) + (for-each concat-to-output files)))) + ;; this includes defaults, so 'fastcgi' related files: (define %nginx-mime-types (simple-service 'nginx-mime.types @@ -178,7 +196,14 @@ (x11-forwarding? #t) (port-number 22) (password-authentication? #f) - (permit-root-login 'without-password))) + (permit-root-login 'without-password) + (authorized-keys + `(("root" ,(concat-local-files + "root.pub" + '("keys/ssh/grothoff.pub" + "keys/ssh/ng0.pub" + "keys/ssh/dold.pub" + "keys/ssh/stanisci.pub"))))))) ;; (service rottlog-service-type (rottlog-configuration)) ;; (service mcron-service-type |