From c4ab768f4b79bca562e311745c40e3c8e30c9de3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kr=C3=BCger?=
Date: Tue, 13 Dec 2022 22:40:23 +0100
Subject: [PATCH] gluon-authorized-keys: add unauthorized_keys to remove access
---
 package/gluon-authorized-keys/check_site.lua | 1 +
 .../luasrc/lib/gluon/upgrade/100-authorized-keys | 12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/package/gluon-authorized-keys/check_site.lua b/package/gluon-authorized-keys/check_site.lua
index 7daf2115..c92fc3e9 100644
--- a/package/gluon-authorized-keys/check_site.lua
+++ b/package/gluon-authorized-keys/check_site.lua
@@ -1 +1,2 @@
 need_string_array(in_site({'authorized_keys'}))
+need_string_array(in_site({'unauthorized_keys'}), false)
diff --git a/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys b/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
index 9eb00dec..90e38614 100755
--- a/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
+++ b/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
@@ -4,6 +4,7 @@ local site = require 'gluon.site'
 local file = '/etc/dropbear/authorized_keys'
 local keys = {}
+local rm_keys = {}
 local function load_keys()
 for line in io.lines(file) do
@@ -11,12 +12,21 @@ local function load_keys()
 end
 end
+for _, key in ipairs(site.unauthorized_keys({})) do
+ rm_keys[key] = true
+end
+
 pcall(load_keys)
-local f = io.open(file, 'a')
+local f = io.open(file, 'w')
 for _, key in ipairs(site.authorized_keys()) do
 if not keys[key] then
 f:write(key .. '\n')
 end
 end
+for key, _ in pairs(keys) do
+ if not rm_keys[key] then
+ f:write(key .. '\n')
+ end
+end
 f:close()
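Review bot: Revocation in the second hunk of `100-authorized-keys` is an exact whole-line comparison (`rm_keys[key]` against lines read from the file), so an installed entry whose comment, options prefix or trailing whitespace differs from the string in `unauthorized_keys` is kept and keeps granting access; comparing on key type and blob would make removal independent of those fields. The first write loop also never consults `rm_keys`, so a key listed in both site arrays is written when it is not yet in the file but dropped when it already is, and removal should win in both cases. Opening the file with `'w'` truncates it before anything is written and `f` is not checked for nil, so an interrupted or failing upgrade can leave a node with an empty or partial key file; writing to a temporary file and renaming it into place avoids that, though the new file's mode then has to be one dropbear accepts. `load_keys` is defined above this hunk and still indexes `keys` by the full line, so the duplicate check would need the same normalisation there.

```lua
-- Reduce an authorized_keys line to "<type> <blob>" so that options, comments
-- and trailing whitespace do not decide whether a key counts as revoked.
-- SSH public-key blobs are base64 of a length-prefixed string and so start
-- with "AAAA"; lines that do not parse fall back to whole-line matching.
local function key_id(line)
	local ktype, blob = line:match('(%S+)%s+(AAAA%S+)')
	if ktype then
		return ktype .. ' ' .. blob
	end
	return line
end

for _, key in ipairs(site.unauthorized_keys({})) do
	rm_keys[key_id(key)] = true
end

-- … unchanged: pcall(load_keys) …

-- Build the new list next to the target and rename it into place, so the
-- live file is never truncated while the upgrade script is still running.
-- NOTE(review): confirm the temporary file ends up with the expected mode.
local tmp = file .. '.new'
local f = assert(io.open(tmp, 'w'))

for _, key in ipairs(site.authorized_keys()) do
	if not keys[key] and not rm_keys[key_id(key)] then
-- … unchanged: write of the site key, loop end …
for key in pairs(keys) do
	if not rm_keys[key_id(key)] then
-- … unchanged: write of the kept key, loop end …
f:close()
assert(os.rename(tmp, file))
```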