services: openssh: Extensions provide extra authorized keys.

* gnu/services/ssh.scm (extend-openssh-authorized-keys): New procedure. (openssh-service-type)[compose, extend]: New fields. * doc/guix.texi (Networking Services): Document the extension.

services: openssh: Extensions provide extra authorized keys.
1398a438 · Ludovic Courtès · 4892eb7c · 1398a438 · 1398a438
Unverified Commit 1398a438 authored 7 years ago by Ludovic Courtès
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10210,6 +10210,15 @@ shell daemon, @command{sshd}.  Its value must be an
 @end example
  
 See below for details about @code{openssh-configuration}.
+
+This service can be extended with extra authorized keys, as in this
+example:
+
+@example
+(service-extension openssh-service-type
+                   (const `(("charlie"
+                             ,(local-file "charlie.pub")))))
+@end example
 @end deffn
  
 @deftp {Data Type} openssh-configuration
@@ -10303,6 +10312,9 @@ keys.  For example:
 registers the specified public keys for user accounts @code{rekado},
 @code{chris}, and @code{root}.
  
+Additional authorized keys can be specified @i{via}
+@code{service-extension}.
+
 Note that this does @emph{not} interfere with the use of
 @file{~/.ssh/authorized_keys}.
 @end table

--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -29,6 +29,7 @@ (define-module (gnu services ssh)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix modules)
+  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (ice-9 match)
  #:export (lsh-configuration
@@ -450,6 +451,13 @@ (define (openssh-pam-services config)
         #:allow-empty-passwords?
         (openssh-configuration-allow-empty-passwords? config))))

+(define (extend-openssh-authorized-keys config keys)
+  "Extend CONFIG with the extra authorized keys listed in KEYS."
+  (openssh-configuration
+   (inherit config)
+   (authorized-keys
+    (append (openssh-authorized-keys config) keys))))
+
 (define openssh-service-type
  (service-type (name 'openssh)
                (extensions
@@ -461,6 +469,8 @@ (define openssh-service-type
                                          openssh-activation)
                       (service-extension account-service-type
                                          (const %openssh-accounts))))
+                (compose concatenate)
+                (extend extend-openssh-authorized-keys)
                (default-value (openssh-configuration))))