improve authorized_keys parsing (#46)

DavHau 2020-02-20 06:22:02 +07:00 committed by GitHub
parent 9198c51f05
commit 613fa20813
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -10,7 +10,12 @@ makeConf() {
# NB <<"EOF" quotes / $ ` in heredocs, <<EOF does not # NB <<"EOF" quotes / $ ` in heredocs, <<EOF does not
mkdir -p /etc/nixos mkdir -p /etc/nixos
# Prevent grep for sending error code 1 (and halting execution) when no lines are selected : https://www.unix.com/man-page/posix/1P/grep # Prevent grep for sending error code 1 (and halting execution) when no lines are selected : https://www.unix.com/man-page/posix/1P/grep
local IFS=$'\n'; keys=($(grep -vE '^[[:space:]]*(#|$)' /root/.ssh/authorized_keys || [[ $? == 1 ]])) local IFS=$'\n'
for trypath in /root/.ssh/authorized_keys $HOME/.ssh/authorized_keys; do
[[ -r "$trypath" ]] \
&& keys=$(sed -E 's/^.*((ssh|ecdsa)-[^[:space:]]+)[[:space:]]+([^[:space:]]+)([[:space:]]*.*)$/\1 \3\4/' "$trypath") \
&& break
done
local network_import="" local network_import=""
[ "$PROVIDER" = "digitalocean" ] && network_import="./networking.nix # generated at runtime by nixos-infect" [ "$PROVIDER" = "digitalocean" ] && network_import="./networking.nix # generated at runtime by nixos-infect"
@ -26,8 +31,8 @@ makeConf() {
networking.hostName = "$(hostname)"; networking.hostName = "$(hostname)";
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [$(for key in "${keys[@]}"; do echo -n " users.users.root.openssh.authorizedKeys.keys = [$(while read -r line; do echo -n "
\"$key\""; done) \"$line\" "; done <<< "$keys")
]; ];
} }
EOF EOF
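Review bot: The new `keys=$(sed -E ...)` line runs sed without `-n`/`p`, so every line the pattern does not match (comments, blank lines, anything unparseable) is passed through unchanged and becomes a quoted entry in `users.users.root.openssh.authorizedKeys.keys`; the removed grep filter used to drop these. Using `sed -nE 's/…/\1 \3\4/p'` with the same pattern would keep only the lines that actually parsed as a key. The leading `^.*` is greedy, so it anchors on the last `ssh-`/`ecdsa-` token of a line (a comment such as `user@ssh-host laptop` would win over the real key type, and `sk-ssh-ed25519@openssh.com` loses its `sk-` prefix), and it silently discards options such as `from=` or `command=`, turning a restricted key into an unrestricted root key, which deserves at least a comment. The loop also has no failure path: if neither file is readable or nothing parses, `keys` stays empty and the generated config carries no usable root key, so a check like `[[ -n "$keys" ]] || { echo "no SSH keys found" >&2; exit 1; }` after `done` would avoid a lockout. makeConf begins and ends outside the visible hunks.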