diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-07-25 11:00:32 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-07-25 14:29:08 +0200 |
commit | 77dbe2f46e8946be6d0e6706fb9acf807e135b8f (patch) | |
tree | 70c8db603179158f558fd9c747224071cf024241 /nixos/modules/services/misc/nix-ssh-serve.nix | |
parent | 3e9c2bf4b5d55c2a8f8e944e6b8335761a40efb9 (diff) | |
download | nixpkgs-77dbe2f46e8946be6d0e6706fb9acf807e135b8f.tar nixpkgs-77dbe2f46e8946be6d0e6706fb9acf807e135b8f.tar.gz nixpkgs-77dbe2f46e8946be6d0e6706fb9acf807e135b8f.tar.bz2 nixpkgs-77dbe2f46e8946be6d0e6706fb9acf807e135b8f.tar.lz nixpkgs-77dbe2f46e8946be6d0e6706fb9acf807e135b8f.tar.xz nixpkgs-77dbe2f46e8946be6d0e6706fb9acf807e135b8f.tar.zst nixpkgs-77dbe2f46e8946be6d0e6706fb9acf807e135b8f.zip |
Add convenience option nix.sshServe.keys
This is equivalent to setting users.extraUsers.nix-cache.openssh.authorizedKeys.keys.
Diffstat (limited to 'nixos/modules/services/misc/nix-ssh-serve.nix')
-rw-r--r-- | nixos/modules/services/misc/nix-ssh-serve.nix | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix index 51fe79270a6..89c64d22a63 100644 --- a/nixos/modules/services/misc/nix-ssh-serve.nix +++ b/nixos/modules/services/misc/nix-ssh-serve.nix @@ -4,16 +4,28 @@ with lib; { options = { + nix.sshServe = { + enable = mkOption { - description = "Whether to enable serving the Nix store as a binary cache via SSH."; - default = false; type = types.bool; + default = false; + description = "Whether to enable serving the Nix store as a binary cache via SSH."; }; + + keys = mkOption { + type = types.listOf types.str; + default = []; + example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ]; + description = "A list of SSH public keys allowed to access the binary cache via SSH."; + }; + }; + }; config = mkIf config.nix.sshServe.enable { + users.extraUsers.nix-ssh = { description = "Nix SSH substituter user"; uid = config.ids.uids.nix-ssh; @@ -32,5 +44,8 @@ with lib; ForceCommand ${config.nix.package}/bin/nix-store --serve Match All ''; + + users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys; + }; } |