From da32f052b1390a77c58c8c1c3fae62db1abd050e Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Fri, 27 Jun 2014 09:19:30 +0200
Subject: [PATCH] Revert "nixos/sshd: drop mode from auth keys file".

This reverts commit a3331eb87b25d954766af9652e1415a783dae76c.

See https://github.com/NixOS/nixpkgs/issues/2559#issuecomment-47313334
for a description why this is not a good idea.

I guess it's better to implement a sane way to remove all files in
authorized_keys.d, especially because it is also backwards-compatible.

Reopens #2559.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 nixos/modules/services/networking/ssh/sshd.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index b563a781f1d4..e4b29a0b9090 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -56,6 +56,7 @@ let
   authKeysFiles = let
     mkAuthKeyFile = u: {
       target = "ssh/authorized_keys.d/${u.name}";
+      mode = "0444";
       source = pkgs.writeText "${u.name}-authorized_keys" ''
         ${concatStringsSep "\n" u.openssh.authorizedKeys.keys}
         ${concatMapStrings (f: readFile f + "\n") u.openssh.authorizedKeys.keyFiles}