Merge pull request 'Fix base user ssh public keys' (#141) from fix/base-user-ssh-public-keys into main
Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/141 Reviewed-by: Benjamin Bädorf <hello@benjaminbaedorf.eu>
This commit is contained in:
commit
bcf6ca5fe4
|
@ -7,6 +7,7 @@
|
||||||
# If you don't want the host to have SSH actually opened up to the net,
|
# If you don't want the host to have SSH actually opened up to the net,
|
||||||
# set `services.openssh.openFirewall` to false in your config.
|
# set `services.openssh.openFirewall` to false in your config.
|
||||||
openFirewall = lib.mkDefault true;
|
openFirewall = lib.mkDefault true;
|
||||||
|
passwordAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Service that makes Out of Memory Killer more effective
|
# Service that makes Out of Memory Killer more effective
|
||||||
|
|
|
@ -39,7 +39,6 @@ in
|
||||||
# fileSystems."/".options = [ "noexec" ];
|
# fileSystems."/".options = [ "noexec" ];
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
passwordAuthentication = false;
|
|
||||||
kbdInteractiveAuthentication = false;
|
kbdInteractiveAuthentication = false;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
AllowTcpForwarding yes
|
AllowTcpForwarding yes
|
||||||
|
|
|
@ -23,7 +23,7 @@ in
|
||||||
};
|
};
|
||||||
publicKeys = mkOption {
|
publicKeys = mkOption {
|
||||||
description = "User SSH public keys";
|
description = "User SSH public keys";
|
||||||
type = types.listOf types.path;
|
type = types.listOf types.str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
};
|
};
|
||||||
fullName = mkOption {
|
fullName = mkOption {
|
||||||
|
|
|
@ -25,7 +25,7 @@ in
|
||||||
];
|
];
|
||||||
initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
|
initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ];
|
openssh.authorizedKeys.keys = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue