path: root/src/Propellor/Property/Ssh.hs
Diffstat (limited to 'src/Propellor/Property/Ssh.hs')
-rw-r--r--src/Propellor/Property/Ssh.hs13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 4ecdf23e..5d326b83 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -3,6 +3,7 @@ module Propellor.Property.Ssh (
permitRootLogin,
passwordAuthentication,
hasAuthorizedKeys,
+ authorizedKey,
restarted,
randomHostKeys,
hostKeys,
@@ -155,6 +156,8 @@ knownHost hosts hn user = property desc $
return FailedChange
-- | Makes a user have authorized_keys from the PrivData
+--
+-- This removes any other lines from the file.
authorizedKeys :: UserName -> Context -> Property
authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \get ->
property (user ++ " has authorized_keys") $ get $ \v -> do
@@ -167,6 +170,16 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g
, File.ownerGroup (takeDirectory f) user user
]
+-- | Ensures that a user's authorized_keys contains a line.
+-- Any other lines in the file are preserved as-is.
+authorizedKey :: UserName -> String -> Property
+authorizedKey user l = property (user ++ " has autorized_keys line " ++ l) $ do
+ f <- liftIO $ dotFile "authorized_keys" user
+ ensureProperty $
+ f `File.containsLine` l
+ `requires` File.dirExists (takeDirectory f)
+ `onChange` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
+
-- | Makes the ssh server listen on a given port, in addition to any other
-- ports it is configured to listen on.
--
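Review bot: The new `authorizedKey` never sets ownership of the authorized_keys file or its directory, whereas the sibling `authorizedKeys` chains `File.ownerGroup (takeDirectory f) user user` (visible as context above) — when propellor runs as root and `File.dirExists` has to create `~user/.ssh`, both end up root-owned, so the user cannot manage their own keys and, depending on sshd's StrictModes checks, the file may be rejected outright. Mirror the sibling by adding `` `onChange` File.ownerGroup f user user `` after the mode step and chaining `File.ownerGroup (takeDirectory f) user user` after the `dirExists` requirement. Note too that the 0600 mode is applied only `onChange`, so a pre-existing file that already contains the line keeps whatever (possibly group/world-readable) mode it had; if that is intentional, a comment saying so would help. Finally, the property description on the `property` line has a typo: `"has autorized_keys line "` should be `"has authorized_keys line "`.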