On Monday, 07.02.2022 at 22:02 +0100, Maxime Devos wrote:
> Zacchaeus Scheffer wrote on Mon 07-02-2022 at 14:47 [-0500]:
> > I was able to create the desired effect with the following service
> > definition:
> > (simple-service
> >  'my-activation-service
> >  home-activation-service-type
> >  (gexp
> >   (begin
> >     (chdir (ungexp user-home))
> >     (if (not (file-exists? ".ssh"))
> >         (mkdir ".ssh"))
> >     (chmod ".ssh" #o700)
> >     (chdir ".ssh")
> >     (let ((port (open-output-file "authorized_keys")))
> >       (display (ungexp authorized-keys) port)
> >       (close-port port))
> >     (chmod "authorized_keys" #o600)
> >     (chdir ".."))))
> > where 'user-home and 'authorized-keys are appropriate strings
> > defined earlier in the file.
> >
> > I believe that resolves the issue,
>
> Users shouldn't have to do this (relatively) huge block of relatively
> inscrutable code though, I believe something along these lines (or a
> different solution) needs to be implemented in Guix itself somewhere
> before the issue is resolved.

I'll again be pointing at the "don't put secrets into your store" shield. We'd have to find a reasonable way of encrypting sensitive data before we can do a home-ssh-service-type.

@Zacchaeus, your code can likely be simplified to

  #~(with-directory-excursion #$user-home
      (mkdir-p ".ssh")
      (chmod ".ssh" #o700)
      (with-directory-excursion ".ssh"
        (copy-file #$authorized-keys "authorized_keys")
        (chmod "authorized_keys" #o600)))

though perhaps there's some magic incantation to import (guix build utils) for mkdir-p and with-directory-excursion that I'm missing here.

Cheers
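
An added example, not code from this thread or from Guix itself: the same activation step written so that authorized_keys is never visible with loose permissions or half-written, using only core Guile procedures so that no module import is involved. The values given to `user-home` and `authorized-keys` are constructed placeholders standing in for the strings the original message assumes.

```scheme
(use-modules (gnu home services)   ; home-activation-service-type
             (gnu services)        ; simple-service
             (guix gexp))          ; #~ and #$

;; Constructed placeholders (assumptions, not values from the thread).
(define user-home "/home/alice")
(define authorized-keys
  "ssh-ed25519 AAAA...constructed-example... alice@example\n")

(define my-activation-service
  (simple-service
   'my-activation-service
   home-activation-service-type
   ;; The key text is embedded in the generated activation script, which
   ;; lives in the world-readable store.  That is acceptable for public
   ;; keys only; secrets must not be passed this way.
   #~(let* ((dir  (string-append #$user-home "/.ssh"))
            (file (string-append dir "/authorized_keys"))
            (tmp  (string-append file ".tmp"))
            ;; Restrict the creation mask first, so new files are
            ;; created as 0600 rather than tightened afterwards.
            (old-mask (umask #o077)))
       (unless (file-exists? dir)
         (mkdir dir #o700))
       ;; Tighten a directory that already existed with a looser mode.
       (chmod dir #o700)
       ;; Write to a temporary file in the same directory ...
       (call-with-output-file tmp
         (lambda (port)
           (display #$authorized-keys port)))
       ;; ... fix its mode in case a stale temporary file was reused ...
       (chmod tmp #o600)
       ;; ... and move it into place atomically, so sshd never reads a
       ;; partially written file.
       (rename-file tmp file)
       (umask old-mask))))
```

The resulting `my-activation-service` value goes into the `services` list of a `home-environment`.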