Merge branch 'joeyconfig'

1 files changed, 13 insertions, 0 deletions

diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 4ecdf23e..5d326b83 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -3,6 +3,7 @@ module Propellor.Property.Ssh (
 	permitRootLogin,
 	passwordAuthentication,
 	hasAuthorizedKeys,
+	authorizedKey,
 	restarted,
 	randomHostKeys,
 	hostKeys,
@@ -155,6 +156,8 @@ knownHost hosts hn user = property desc $
 		return FailedChange
 
 -- | Makes a user have authorized_keys from the PrivData
+--
+-- This removes any other lines from the file.
 authorizedKeys :: UserName -> Context -> Property
 authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \get ->
 	property (user ++ " has authorized_keys") $ get $ \v -> do
@@ -167,6 +170,16 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g
 			, File.ownerGroup (takeDirectory f) user user
 			] 
 
+-- | Ensures that a user's authorized_keys contains a line.
+-- Any other lines in the file are preserved as-is.
+authorizedKey :: UserName -> String -> Property
+authorizedKey user l = property (user ++ " has autorized_keys line " ++ l) $ do
+	f <- liftIO $ dotFile "authorized_keys" user
+	ensureProperty $
+		f `File.containsLine` l
+			`requires` File.dirExists (takeDirectory f)
+			`onChange` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
+
 -- | Makes the ssh server listen on a given port, in addition to any other
 -- ports it is configured to listen on.
 --