M doc/guix.texi => doc/guix.texi +12 -0
@@ 10210,6 10210,15 @@ shell daemon, @command{sshd}. Its value must be an
@end example
See below for details about @code{openssh-configuration}.
+
+This service can be extended with extra authorized keys, as in this
+example:
+
+@example
+(service-extension openssh-service-type
+ (const `(("charlie"
+ ,(local-file "charlie.pub")))))
+@end example
@end deffn
@deftp {Data Type} openssh-configuration
@@ 10303,6 10312,9 @@ keys. For example:
registers the specified public keys for user accounts @code{rekado},
@code{chris}, and @code{root}.
+Additional authorized keys can be specified @i{via}
+@code{service-extension}.
+
Note that this does @emph{not} interfere with the use of
@file{~/.ssh/authorized_keys}.
@end table
M gnu/services/ssh.scm => gnu/services/ssh.scm +10 -0
@@ 29,6 29,7 @@
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix modules)
+ #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:export (lsh-configuration
@@ 450,6 451,13 @@ of user-name/file-like tuples."
#:allow-empty-passwords?
(openssh-configuration-allow-empty-passwords? config))))
+(define (extend-openssh-authorized-keys config keys)
+ "Extend CONFIG with the extra authorized keys listed in KEYS."
+ (openssh-configuration
+ (inherit config)
+ (authorized-keys
+ (append (openssh-authorized-keys config) keys))))
+
(define openssh-service-type
(service-type (name 'openssh)
(extensions
@@ 461,6 469,8 @@ of user-name/file-like tuples."
openssh-activation)
(service-extension account-service-type
(const %openssh-accounts))))
+ (compose concatenate)
+ (extend extend-openssh-authorized-keys)
(default-value (openssh-configuration))))
�