Add convenience option nix.sshServe.keys
This is equivalent to setting users.extraUsers.nix-cache.openssh.authorizedKeys.keys.
This commit is contained in:
parent
3e9c2bf4b5
commit
77dbe2f46e
@ -4,16 +4,28 @@ with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
nix.sshServe = {
|
||||
|
||||
enable = mkOption {
|
||||
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
|
||||
default = false;
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
|
||||
};
|
||||
|
||||
keys = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
|
||||
description = "A list of SSH public keys allowed to access the binary cache via SSH.";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf config.nix.sshServe.enable {
|
||||
|
||||
users.extraUsers.nix-ssh = {
|
||||
description = "Nix SSH substituter user";
|
||||
uid = config.ids.uids.nix-ssh;
|
||||
@ -32,5 +44,8 @@ with lib;
|
||||
ForceCommand ${config.nix.package}/bin/nix-store --serve
|
||||
Match All
|
||||
'';
|
||||
|
||||
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
|
||||
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user