From f2d1789ad78779faf4d6cb28e79e2725a63fa98f Mon Sep 17 00:00:00 2001
From: Daniel Barlow <dan@telent.net>
Date: Fri, 10 Mar 2023 23:13:32 +0000
Subject: [PATCH] add openssh authorized_keys

---
 modules/users.nix | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/modules/users.nix b/modules/users.nix
index 21f46b476..35ed15151 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -42,6 +42,10 @@ in {
             type = types.str;
             default = "/bin/sh";
           };
+          openssh.authorizedKeys.keys = mkOption {
+            type = types.listOf types.str;
+            default = [];
+          };
         };
       });
     };
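Review bot: The new `openssh.authorizedKeys.keys` option has no `description`, so the expected format of each string is not documented anywhere in this hunk. Since the second hunk joins the entries with `"\n"` into one file, each entry needs to be exactly one complete authorized_keys line, and an embedded newline in an entry would produce extra lines. I would add something like `description = "Public keys allowed to log in as this user, one authorized_keys line per list entry (no embedded newlines)";`. The enclosing submodule starts outside the hunk.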
@@ -59,12 +63,27 @@ in {
       });
     };
   };
-  config = {
-    filesystem = dir {
-      etc = dir {
-        passwd = { file = passwd-file; };
-        group = { file = group-file; };
+  config =
+    let authorized_key_files =
+          lib.attrsets.mapAttrs
+            (name: val: dir {
+              ".ssh" = dir {
+                authorized_keys = {
+                  type = "f";
+                  mode = "0400";
+                  file = lib.concatStringsSep
+                    "\n" val.openssh.authorizedKeys.keys;
+                };
+              };
+            })
+            config.users;
+    in {
+      filesystem = dir {
+        etc = dir {
+          passwd = { file = passwd-file; };
+          group = { file = group-file; };
+        };
+        home = dir authorized_key_files;
       };
     };
-  };
 }
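Review bot: The generated `authorized_keys` entry sets `mode = "0400"`, but nothing in this hunk sets an owner on it or on the enclosing `.ssh` and per-user directories. sshd opens that file with the target user's privileges, so if these entries default to root ownership the file is unreadable and key login fails. I would set the owner at all three levels from the user's own uid and gid, and give `.ssh` an explicit restrictive mode rather than relying on the default. The files are also always placed under `/home/<name>`, which may not match the home directory that `passwd-file` records for the user (that definition is outside the hunk). Because `mapAttrs` runs over every entry in `config.users`, accounts with no keys get an empty file as well; passing `lib.filterAttrs (_: u: u.openssh.authorizedKeys.keys != []) config.users` instead would skip them.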