Add convenience option nix.sshServe.keys

This is equivalent to setting
users.extraUsers.nix-cache.openssh.authorizedKeys.keys.
Eelco Dolstra 2014-07-25 11:00:32 +02:00
parent 3e9c2bf4b5
commit 77dbe2f46e

@ -4,16 +4,28 @@ with lib;
{
options = {
nix.sshServe = {
enable = mkOption {
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
default = false;
type = types.bool;
default = false;
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
};
keys = mkOption {
type = types.listOf types.str;
default = [];
example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
description = "A list of SSH public keys allowed to access the binary cache via SSH.";
};
};
};
config = mkIf config.nix.sshServe.enable {
users.extraUsers.nix-ssh = {
description = "Nix SSH substituter user";
uid = config.ids.uids.nix-ssh;
@ -32,5 +44,8 @@ with lib;
ForceCommand ${config.nix.package}/bin/nix-store --serve
Match All
'';
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
};
}
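Review bot: The `example` for the new `keys` option shows an `ssh-dss` key, which models a weak DSA key type that current OpenSSH releases no longer accept by default; an Ed25519 sample such as `example = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5... alice@example.org" ];` (constructed value) would be a safer pattern to copy. Each string is passed unchanged into `users.extraUsers.nix-ssh.openssh.authorizedKeys.keys`, so the description could state that entries are authorized_keys lines for the `nix-ssh` user and that every listed key presumably gets read access to the store through the forced `nix-store --serve` command. The commit message names `users.extraUsers.nix-cache`, while the added line sets `nix-ssh`, so any documentation derived from the message should use the latter. The sshd configuration that carries the `ForceCommand` begins outside the second hunk, so whether it is scoped to `nix-ssh` alone cannot be confirmed from the visible lines.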