derped/nixos
1
0
Fork 0
Code Releases Activity

Public ssh keyfile is now optional even when openssh is enabled.

Browse source
This commit is contained in:
Kevin Baensch 2019-10-11 20:43:52 +02:00
parent 16cb4c308c
commit 206c2e42af
1 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
config/users.nix
View file

@ -5,7 +5,10 @@ with lib;
let let
administrators = user: { administrators = user: {
name = user.name; name = user.name;
value = { value = let
cfg = config.services;
passPath = "${config.machine.secretPath}/${user.name}";
in {
isNormalUser = true; isNormalUser = true;
name = user.name; name = user.name;
uid = user.id; uid = user.id;
@ -14,12 +17,14 @@ let
description = "Administrative user ${user.name}."; description = "Administrative user ${user.name}.";
group = user.name; group = user.name;
extraGroups = [ "audio" "wheel" "network" ] extraGroups = [ "audio" "wheel" "network" ]
++ (optional config.services.xserver.enable "input") ++ (optionals cfg.xserver.enable ["input" "video"])
++ (optionals config.services.printing.enable [ "cups" "lp" ]) ++ (optionals cfg.printing.enable [ "cups" "lp" ])
++ (optional config.virtualisation.docker.enable "docker"); ++ (optional config.virtualisation.docker.enable "docker");
shell = "${pkgs.zsh}/bin/zsh"; shell = "${pkgs.zsh}/bin/zsh";
passwordFile = "${config.machine.secretPath}/${user.name}"; passwordFile = passPath;
openssh.authorizedKeys.keyFiles = optional config.services.openssh.enable "${config.machine.secretPath}/${user.name}.pub"; openssh.authorizedKeys.keyFiles = optional
(cfg.openssh.enable && (builtins.pathExists "${passPath}.pub"))
"${passPath}.pub";
}; };
}; };