
Public ssh keyfile is now optional even when openssh is enabled.

Kevin Baensch 2019-10-11 20:43:52 +02:00
parent 16cb4c308c
commit 206c2e42af
1 changed files with 10 additions and 5 deletions


@ -5,7 +5,10 @@ with lib;
let
administrators = user: {
name = user.name;
value = {
value = let
cfg = config.services;
passPath = "${config.machine.secretPath}/${user.name}";
in {
isNormalUser = true;
name = user.name;
uid = user.id;
@ -14,12 +17,14 @@ let
description = "Administrative user ${user.name}.";
group = user.name;
extraGroups = [ "audio" "wheel" "network" ]
++ (optional config.services.xserver.enable "input")
++ (optionals config.services.printing.enable [ "cups" "lp" ])
++ (optionals cfg.xserver.enable ["input" "video"])
++ (optionals cfg.printing.enable [ "cups" "lp" ])
++ (optional config.virtualisation.docker.enable "docker");
shell = "${pkgs.zsh}/bin/zsh";
passwordFile = "${config.machine.secretPath}/${user.name}";
openssh.authorizedKeys.keyFiles = optional config.services.openssh.enable "${config.machine.secretPath}/${user.name}.pub";
passwordFile = passPath;
openssh.authorizedKeys.keyFiles = optional
(cfg.openssh.enable && (builtins.pathExists "${passPath}.pub"))
"${passPath}.pub";
};
};
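Review bot: The `builtins.pathExists "${passPath}.pub"` guard on `openssh.authorizedKeys.keyFiles` is checked at Nix evaluation time on whichever host evaluates the configuration, and a missing or mistyped key file now silently produces an administrator with no authorized keys instead of a failed build. With sshd enabled, that account is then reachable only by password (if password authentication is permitted) or not at all, and nothing in the build output says which. I would keep the key optional but make its absence visible, for example with a module-level `warnings` entry such as `"No SSH public key found for ${user.name}; no authorized keys installed"` when `cfg.openssh.enable` is true and the file is absent. Separately, `passPath` interpolates `config.machine.secretPath` into a string; if that option ever holds a path value rather than a string, the interpolation would copy the secret directory into the world-readable Nix store, so it is worth confirming the option is declared as `types.str` (its declaration is outside this diff).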