deployerbot: allow fwminex too

2024-07-28 22:25:58 +03:00
parent 846ec80d9f
commit 38311119f9
6 changed files with 24 additions and 9 deletions


@@ -23,7 +23,7 @@
options.mj.services.deployerbot.follower = with lib.types; {
enable = lib.mkEnableOption "Allow system to be deployed with deployerbot";
sshAllowSubnets = lib.mkOption {type = listOf str;};
publicKey = lib.mkOption {type = str;};
publicKeys = lib.mkOption {type = listOf str;};
uidgid = lib.mkOption {type = int;};
};
@@ -129,9 +129,9 @@
isSystemUser = true;
createHome = true;
uid = cfg.uidgid;
openssh.authorizedKeys.keys = let
restrictedPubKey = "from=\"${builtins.concatStringsSep "," cfg.sshAllowSubnets}\" " + cfg.publicKey;
in [restrictedPubKey];
openssh.authorizedKeys.keys =
map (k: "from=\"${builtins.concatStringsSep "," cfg.sshAllowSubnets}\" " + k)
cfg.publicKeys;
};
users.groups.deployerbot-follower.gid = cfg.uidgid;
nix.settings.trusted-users = ["deployerbot-follower"];
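Review bot: Every entry of `cfg.publicKeys` in the second hunk becomes a login key for `deployerbot-follower`, which the context line below places in `nix.settings.trusted-users`, so each added key holds what is effectively root-equivalent access to the Nix daemon, limited only by the `from=` prefix. The option declared in the first hunk carries no description; I would add `description = "SSH public keys allowed to deploy to this host; each is limited to sshAllowSubnets and grants trusted-user access to the Nix daemon.";` so that widening the list is a visible decision. It may also be worth building the prefix as `"restrict,from=\"…\" " + k`, so the keys cannot be used for forwarding or a PTY, provided the deploy tooling needs neither. A key string that already starts with its own options would end up space-separated from `from=` and produce a malformed line, so the description should say that bare keys are expected. The surrounding attribute set starts and ends outside the hunk.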