summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-01-07 13:28:23 +0100
committertv <tv@krebsco.de>2017-01-07 13:28:23 +0100
commit9779351be952095ed55ad4ccee98452a8838cfb9 (patch)
tree846049ff5cdb00f6dbdf1a3eca49aba7757ff3f5
parent51bbf7f5c2077a5bab74a077049db7ef3d995ca9 (diff)
krebs.git: add authorizedKeys only for users found in rules
-rw-r--r--krebs/3modules/git.nix8
1 files changed, 5 insertions, 3 deletions
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 164831846..a08dbb32c 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -339,9 +339,11 @@ let
description = "Git repository hosting user";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
- mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
- (filterAttrs (_: user: isString user.pubkey)
- config.krebs.users);
+ unique
+ (sort lessThan
+ (map (makeAuthorizedKey git-ssh-command)
+ (filter (user: isString user.pubkey)
+ (concatMap (getAttr "user") cfg.rules))));
};
};