Automatically add administrative users to openssh's AllowUsers list.

Kevin Baensch 2019-06-26 00:33:04 +02:00
parent d2c6b3931e
commit ed892d1fb8


@ -15,9 +15,12 @@ mkIf (elem "openssh" config.machine.services) {
challengeResponseAuthentication = false; challengeResponseAuthentication = false;
passwordAuthentication = false; passwordAuthentication = false;
permitRootLogin = "no"; permitRootLogin = "no";
extraConfig = '' extraConfig = let users = concatMapStrings (user: "${user.name} ") config.machine.administrators
+ (if config.services.gitea.enable then (config.services.gitea.user + " ") else "")
+ (if config.services.nix-serve.enable then "nix-ssh" else "");
in ''
UsePAM no UsePAM no
AllowUsers derped git nix-ssh AllowUsers ${users}
UsePrivilegeSeparation sandbox UsePrivilegeSeparation sandbox
LogLevel VERBOSE LogLevel VERBOSE
''; '';
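Review bot: The new `users` string can be empty when `config.machine.administrators` is `[]` and both service conditions are false, which renders a bare `AllowUsers ` line. Depending on the OpenSSH version, sshd may refuse to start on that line or may accept it and apply no user restriction at all; neither outcome is the intended allow-list. Building the value as a list, e.g. `users = concatStringsSep " " (map (u: u.name) config.machine.administrators ++ optional config.services.gitea.enable config.services.gitea.user ++ optional config.services.nix-serve.enable "nix-ssh");` (assuming `lib` is in scope, as the unqualified `concatMapStrings` suggests), also removes the trailing space, and a module assertion that the list is non-empty would fail the build instead of the login path. Separately, the `nix-ssh` account appears to be created by `nix.sshServe.enable` rather than `services.nix-serve.enable`, so the condition on the third operand is worth checking against the option that actually provisions that user.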