Allow setting additional AuthorizedKeysFiles

Charon needs this to include the dynamically generated
/root/.vbox-charon-client-key.  (We used
users.extraUsers.root.openssh.authorizedKeys.keyFiles for this, but
that no longer works.)
This commit is contained in:
Eelco Dolstra 2012-12-11 17:29:34 +01:00
parent eda051cff5
commit 78bd54ca80


@ -186,6 +186,11 @@ in
'';
};
authorizedKeysFiles = mkOption {
default = [];
description = "Files from with authorized keys are read.";
};
extraConfig = mkOption {
default = "";
description = "Verbatim contents of <filename>sshd_config</filename>.";
@ -290,6 +295,9 @@ in
networking.firewall.allowedTCPPorts = cfg.ports;
services.openssh.authorizedKeysFiles =
[ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
services.openssh.extraConfig =
''
Protocol 2
@ -320,7 +328,7 @@ in
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"}
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u
AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
'';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
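Review bot: The `authorizedKeysFiles` description in the first hunk does not say that every entry applies to all accounts, which matters because sshd evaluates `AuthorizedKeysFile` for whichever user is logging in. An absolute entry with no `%u` or `%h` token, like the /root/.vbox-charon-client-key file named in the commit message, is therefore a candidate key file for every account and is limited to root only by that file's ownership and permissions. I would spell this out and fix the wording at the same time: `description = "Files from which authorized keys are read. Entries apply to every user; use %u or %h for per-user paths.";`. The option is also declared without a type, and an empty list would render a bare `AuthorizedKeysFile` line in the last hunk, so it is worth checking how sshd treats that before relying on overrides.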