krebs.git: add authorizedKeys only for users found in rules

2017-01-07 13:28:23 +01:00 · 2017-01-07 13:28:23 +01:00 · 9779351be9
commit 9779351be9
parent 51bbf7f5c2
1 changed files with 5 additions and 3 deletions
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@ -339,9 +339,11 @@ let
      description = "Git repository hosting user";
      shell = "/bin/sh";
      openssh.authorizedKeys.keys =
-        mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
-                       (filterAttrs (_: user: isString user.pubkey)
-                                    config.krebs.users);
+        unique
+          (sort lessThan
+                (map (makeAuthorizedKey git-ssh-command)
+                     (filter (user: isString user.pubkey)
+                             (concatMap (getAttr "user") cfg.rules))));
    };
  };