summary refs log tree commit diff
path: root/modules/services/networking/ssh/sshd.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/services/networking/ssh/sshd.nix')
-rw-r--r--modules/services/networking/ssh/sshd.nix29
1 files changed, 19 insertions, 10 deletions
diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix
index 3bf4bf642fa5..d89978a852c0 100644
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@@ -92,7 +92,7 @@ let
       userLoop = flip concatMapStrings usersWithKeys (u:
         let
           authKeys = concatStringsSep "," u.openssh.authorizedKeys.keys;
-          authKeyFiles = concatStringsSep " " u.openssh.authorizedKeys.keyFiles;
+          authKeyFiles = concatStrings (map (x: " ${x}") u.openssh.authorizedKeys.keyFiles);
           preserveExisting = if u.openssh.authorizedKeys.preserveExistingKeys then "true" else "false";
         in ''
           mkAuthKeysFile "${u.name}" "${authKeys}" "${authKeyFiles}" "${preserveExisting}"
@@ -105,25 +105,34 @@ let
         local authKeyFiles="$3"
         local preserveExisting="$4"
 
-        eval authfile=~$userName/.ssh/authorized_keys
-        mkdir -p "$(dirname $authfile)"
-        touch "$authfile"
+        eval homeDir=~$userName
+        if ! [ -d "$homeDir" ]; then
+          echo "User $userName does not exist"
+          return
+        fi
+        if ! [ -d "$homeDir/.ssh" ]; then
+          mkdir -v -m 700 "$homeDir/.ssh"
+          chown "$userName":users "$homeDir/.ssh"
+        fi
+        local authKeysFile="$homeDir/.ssh/authorized_keys"
+        touch "$authKeysFile"
         if [ "$preserveExisting" == false ]; then
-          rm -f "$authfile"
-          echo "${marker2}" > "$authfile"
+          rm -f "$authKeysFile"
+          echo "${marker2}" > "$authKeysFile"
         else
-          sed -i '/${marker1}/ d' "$authfile"
+          sed -i '/${marker1}/ d' "$authKeysFile"
         fi
         IFS=,
         for f in $authKeys; do
-          echo "$f ${marker1}" >> "$authfile"
+          echo "$f ${marker1}" >> "$authKeysFile"
         done
         unset IFS
         for f in $authKeyFiles; do
           if [ -f "$f" ]; then
-            echo "$(cat "$f") ${marker1}" >> "$authfile"
+            echo "$(cat "$f") ${marker1}" >> "$authKeysFile"
           fi
         done
+        chown "$userName" "$authKeysFile"
       }
 
       ${userLoop}
@@ -329,7 +338,7 @@ in
         path = [ pkgs.openssh ];
         
         environment.LD_LIBRARY_PATH = nssModulesPath;
-        environment.LOCALE_ARCHIVE = "/var/run/current-system/sw/lib/locale/locale-archive";
+        environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
 
         preStart =
           ''
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-14 09:17:21 +0000