services: openssh: Collect all keys for all users.

Fixes <https://issues.guix.gnu.org/51487> * gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key is forgotten. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2024-11-07 07:26:13 -05:00 · 2021-10-29 18:25:24 +02:00 · 2021-10-29 18:25:24 +02:00 · b4b2bbf4fb
commit b4b2bbf4fb
parent b2f8186590
1 changed files with 10 additions and 1 deletions
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@ -39,6 +39,7 @@ (define-module (gnu services ssh)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (ice-9 match)
+  #:use-module (ice-9 vlist)
  #:export (lsh-configuration
            lsh-configuration?
            lsh-service
@ -535,7 +536,15 @@ (define (extend-openssh-authorized-keys config keys)
  (openssh-configuration
   (inherit config)
   (authorized-keys
-    (append (openssh-authorized-keys config) keys))))
+    (match (openssh-authorized-keys config)
+      (((users _ ...) ...)
+       ;; Build a user/key-list mapping.
+       (let ((user-keys (alist->vhash (openssh-authorized-keys config))))
+         ;; Coalesce the key lists associated with each user.
+         (map (lambda (user)
+                `(,user
+                  ,@(concatenate (vhash-fold* cons '() user user-keys))))
+              users)))))))

 (define openssh-service-type
  (service-type (name 'openssh)