authkeys path in sshd_config

author: sbh69840 <sbh69840@gmail.com> 2023-05-10 21:16:52 +0530
committer: sbh69840 <sbh69840@gmail.com> 2023-05-10 21:16:52 +0530
commit: ab2e16159f5a04fd962f3d7de8dc4901d048db17 (patch)
tree: 6632562ba1bb79fb8b7e9fec3824591ee0698b3e /modules
parent: ccaa942888f53404b56d979cb3a0a5c9f18a1faa (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/modules/programs/ssh/default.nix b/modules/programs/ssh/default.nix
index 7797e4d..b8baec6 100644
--- a/modules/programs/ssh/default.nix
+++ b/modules/programs/ssh/default.nix
@@ -90,6 +90,13 @@ let
       length u.openssh.authorizedKeys.keys != 0 || length u.openssh.authorizedKeys.keyFiles != 0
     ));
   in listToAttrs (map mkAuthKeyFile usersWithKeys);
+  authKeysConfiguration = 
+  {
+    "ssh/sshd_config.d/101-authorized-keys.conf" = {
+      copy = true;
+      text = "AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u";
+    };
+  };
 in
 
 {
@@ -128,7 +135,7 @@ in
       message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
     });
     
-    environment.etc = authKeysFiles //
+    environment.etc = authKeysFiles // authKeysConfiguration //
       { "ssh/ssh_known_hosts".text = (flip (concatMapStringsSep "\n") knownHosts
         (h: assert h.hostNames != [];
           concatStringsSep "," h.hostNames + " "
author	sbh69840 <sbh69840@gmail.com>	2023-05-10 21:16:52 +0530
committer	sbh69840 <sbh69840@gmail.com>	2023-05-10 21:16:52 +0530
commit	ab2e16159f5a04fd962f3d7de8dc4901d048db17 (patch)
tree	6632562ba1bb79fb8b7e9fec3824591ee0698b3e /modules
parent	ccaa942888f53404b56d979cb3a0a5c9f18a1faa (diff)