commit 510c28c0a7d668f7704abcb1c9de876a93461cdf
parent 7b193eac859181c52eaa3eaa40bc8d6a59b7b637
Author: Florian Dold <florian.dold@gmail.com>
Date: Mon, 26 Nov 2018 18:46:46 +0100
compose authorized_keys
Diffstat:
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/guix/config.scm b/guix/config.scm
@@ -1,5 +1,6 @@
-(use-modules
+(use-modules
(srfi srfi-1)
+ (ice-9 binary-ports)
(gnu)
(guix)
(guix gexp))
@@ -51,6 +52,23 @@
(copy-file #$(local-file "etc/nginx/sites-enabled/default.site")
"sites-enabled/default.site")))))
+(define (concat-local-files outname files)
+ (gexp->derivation
+ outname
+ #~(begin
+ (define (concat-ports pi po)
+ (unless (port-eof? pi)
+ (let ((chunk (get-bytvector-some pi)))
+ (put-bytevector po chunk)
+ (concat-ports pi po))))
+ (define (concat-to-output src)
+ (call-with-output-file #$output
+ (lambda (po)
+ (call-with-input-file src
+ (lambda (pi)
+ (concat-ports pi po))))))
+ (for-each concat-to-output files))))
+
;; this includes defaults, so 'fastcgi' related files:
(define %nginx-mime-types
(simple-service 'nginx-mime.types
@@ -178,7 +196,14 @@
(x11-forwarding? #t)
(port-number 22)
(password-authentication? #f)
- (permit-root-login 'without-password)))
+ (permit-root-login 'without-password)
+ (authorized-keys
+ `(("root" ,(concat-local-files
+ "root.pub"
+ '("keys/ssh/grothoff.pub"
+ "keys/ssh/ng0.pub"
+ "keys/ssh/dold.pub"
+ "keys/ssh/stanisci.pub")))))))
;; (service rottlog-service-type (rottlog-configuration))
;; (service mcron-service-type
