copy-root-authorized-keys: use inline script definition

Erik Arvstedt 2020-04-07 22:47:44 +02:00
parent 63c6fe3213
commit 6c22e13b7f
No known key found for this signature in database
GPG Key ID: 33312B944DD97846


@ -9,17 +9,6 @@ let
map = [ map ]; map = [ map ];
version = 3; version = 3;
}; };
operatorCopySSH = pkgs.writeText "operator-copy-ssh.sh" ''
mkdir -p ${config.users.users.operator.home}/.ssh
if [ -e "${config.users.users.root.home}/.vbox-nixops-client-key" ]; then
cp ${config.users.users.root.home}/.vbox-nixops-client-key ${config.users.users.operator.home}/.ssh/authorized_keys
fi
if [ -e "/etc/ssh/authorized_keys.d/root" ]; then
cat /etc/ssh/authorized_keys.d/root >> ${config.users.users.operator.home}/.ssh/authorized_keys
fi
chown -R operator ${config.users.users.operator.home}/.ssh
'';
in { in {
imports = [ ../modules.nix ]; imports = [ ../modules.nix ];
@ -170,14 +159,24 @@ in {
''); '');
# Give root ssh access to the operator account # Give root ssh access to the operator account
# FIXME: move this to deployment/nixops.nix after merging PR 'nix-bitcoin-as-module'
systemd.services.copy-root-authorized-keys = { systemd.services.copy-root-authorized-keys = {
description = "Copy root authorized keys"; description = "Copy root authorized keys";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig.type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash \"${operatorCopySSH}\""; script = let
user = "root"; operator = config.users.users.operator.home;
type = "oneshot"; root = config.users.users.root.home;
}; in ''
mkdir -p ${operator}/.ssh
if [[ -e "${root}/.vbox-nixops-client-key" ]]; then
cp ${root}/.vbox-nixops-client-key ${operator}/.ssh/authorized_keys
fi
if [[ -e "/etc/ssh/authorized_keys.d/root" ]]; then
cat /etc/ssh/authorized_keys.d/root >> ${operator}/.ssh/authorized_keys
fi
chown -R operator ${operator}/.ssh
'';
}; };
}; };
} }
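Review bot: In the new inline `script`, `authorized_keys` is only reset when `${root}/.vbox-nixops-client-key` exists; otherwise every start of the unit appends `/etc/ssh/authorized_keys.d/root` again, so the file grows and a key that was removed from root's list stays accepted for the operator account. Truncating before the two `if` blocks, e.g. `: > ${operator}/.ssh/authorized_keys`, would make the copy reflect the current root keys. `serviceConfig.type` is carried over from the old block, but systemd directive names are case-sensitive, so it is probably ignored and should read `serviceConfig.Type = "oneshot";`. The script runs as root inside a directory the operator account owns, so I would also quote the interpolated paths and create the directory with `install -d -m 700 -o operator "${operator}/.ssh"` instead of `mkdir -p` followed by a recursive `chown`.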