4 files changed, 10 insertions, 12 deletions

diff --git a/apps/cgit/appspec.nix b/apps/cgit/appspec.nix
index a7744d5..4790a21 100644
--- a/apps/cgit/appspec.nix
+++ b/apps/cgit/appspec.nix
@@ -26,11 +26,11 @@
     };
     users = lib.mkOption {
       type = lib.types.attrsOf (lib.types.submodule {
-        options.publicKeyFile = lib.mkOption {
-          type = lib.types.nullOr lib.types.str;
+        options.publicKeyFiles = lib.mkOption {
+          type = lib.types.listOf lib.types.str;
         };
       });
-      default = { };
+      default = [ ];
     };
   };
 }
diff --git a/apps/cgit/integration.nix b/apps/cgit/integration.nix
index 8190c2a..608c29f 100644
--- a/apps/cgit/integration.nix
+++ b/apps/cgit/integration.nix
@@ -4,9 +4,9 @@
   users.users.git.createHome = true;
   users.users.git.shell = "${pkgs.git}/bin/git-shell";
   users.users.git.openssh.authorizedKeys.keyFiles =
-    lib.optionals (appConfig.users != null) (lib.mapAttrsToList
-      (name: attrs: attrs.publicKeyFile)
-      appConfig.users);
+    lib.optionals (appConfig.users != null) (lib.concatLists (lib.mapAttrsToList
+      (name: attrs: attrs.publicKeyFiles)
+      appConfig.users));
 
   bindMounts."/var/lib/git".isReadOnly = false;
 
diff --git a/apps/static-users/appspec.nix b/apps/static-users/appspec.nix
index cb55ea7..92ec8ba 100644
--- a/apps/static-users/appspec.nix
+++ b/apps/static-users/appspec.nix
@@ -7,9 +7,9 @@
         type = lib.types.nullOr lib.types.str;
         default = "system-secrets/${appConfig.appId}/${appConfig.users.${name}.username}.password";
       };
-      options.publicKeyFile = lib.mkOption {
-        type = lib.types.nullOr lib.types.path;
-        default = null;
+      options.publicKeyFiles = lib.mkOption {
+        type = lib.types.listOf lib.types.path;
+        default = [ ];
       };
       options.username = lib.mkOption {
         type = lib.types.str;
diff --git a/apps/static-users/capabilities.nix b/apps/static-users/capabilities.nix
index 1861888..33679ad 100644
--- a/apps/static-users/capabilities.nix
+++ b/apps/static-users/capabilities.nix
@@ -7,8 +7,6 @@
     # TODO appConfig should come from config to have been fully evaluated
     config.fysiweb-apps.${appConfig.owner}.${appConfig.appName}.${appConfig.appInstanceName}.users;
   ssh-credentials = lib.concatMapAttrs
-    (name: attrs: lib.optionalAttrs (attrs.publicKeyFile != null) {
-      ${name} = { inherit (attrs) publicKeyFile; };
-    })
+    (name: attrs: { ${name} = { inherit (attrs) publicKeyFiles; }; })
     appConfig.users;
 }