From 9779351be952095ed55ad4ccee98452a8838cfb9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 7 Jan 2017 13:28:23 +0100
Subject: krebs.git: add authorizedKeys only for users found in rules

---
 krebs/3modules/git.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'krebs/3modules/git.nix')

diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 16483184..a08dbb32 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -339,9 +339,11 @@ let
       description = "Git repository hosting user";
       shell = "/bin/sh";
       openssh.authorizedKeys.keys =
-        mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
-                       (filterAttrs (_: user: isString user.pubkey)
-                                    config.krebs.users);
+        unique
+          (sort lessThan
+                (map (makeAuthorizedKey git-ssh-command)
+                     (filter (user: isString user.pubkey)
+                             (concatMap (getAttr "user") cfg.rules))));
     };
   };
 
-- 
cgit v1.2.3