Introduce colmena-deploy user
parent
bd1d59e8b4
commit
1803025193
|
@ -3,7 +3,6 @@
|
||||||
{
|
{
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
trusted-users = [ "@wheel" ];
|
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
experimental-features = [ "nix-command" "flakes" ];
|
experimental-features = [ "nix-command" "flakes" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,6 +2,9 @@
|
||||||
# Sources for this configuration:
|
# Sources for this configuration:
|
||||||
# - a generated NixOS 23.05 configuration
|
# - a generated NixOS 23.05 configuration
|
||||||
# - https://nixos.org/manual/nixos/stable/#sec-user-management
|
# - https://nixos.org/manual/nixos/stable/#sec-user-management
|
||||||
|
# - https://git.grzb.de/yuri/nix-infra/-/blob/aa38daeea59f2ca12b7e591de6f8b61565780c48/configuration/common/default.nix#L19
|
||||||
|
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
|
||||||
|
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
@ -11,6 +14,7 @@ let
|
||||||
ref = "trunk";
|
ref = "trunk";
|
||||||
rev = "1b625d752fe5f19fd110871b9e3dfc6c93d3495a";
|
rev = "1b625d752fe5f19fd110871b9e3dfc6c93d3495a";
|
||||||
};
|
};
|
||||||
|
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
|
@ -19,9 +23,17 @@ in
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "Chaos";
|
description = "Chaos";
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
openssh.authorizedKeys.keys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
openssh.authorizedKeys.keys = authorizedKeys;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.colmena-deploy = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [ "wheel" ];
|
||||||
|
openssh.authorizedKeys.keys = authorizedKeys;
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.settings.trusted-users = [ "colmena-deploy" ];
|
||||||
|
|
||||||
# Since our user doesn't have a password, allow passwordless sudo for wheel.
|
# Since our user doesn't have a password, allow passwordless sudo for wheel.
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
}
|
}
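Review bot: The new `users.users.colmena-deploy` block reuses the same `authorizedKeys` binding as `chaos`, so every key that can log in interactively can also log in as the deploy account. That account is in `wheel`, gets passwordless sudo through `security.sudo.wheelNeedsPassword = false`, and is listed in `nix.settings.trusted-users`, so the two accounts are equivalent in privilege and in who can reach them; as written the split adds little isolation or audit value. Consider giving the deploy account its own key list, e.g. `openssh.authorizedKeys.keys = deployKeys;`, with `deployKeys` (placeholder name) read from a separate file in the pinned repository. A comment above the trusted-users line would also help, such as `# trusted-users are effectively root for the Nix daemon; keep this limited to the deploy account.`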
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "audio.z9.ccchh.net";
|
targetHost = "audio.z9.ccchh.net";
|
||||||
targetPort = 22;
|
targetPort = 22;
|
||||||
targetUser = "chaos";
|
targetUser = "colmena-deploy";
|
||||||
tags = "thinkcccluster";
|
tags = "thinkcccluster";
|
||||||
};
|
};
|
||||||
imports = [
|
imports = [
|
||||||
|
|