forked from CCCHH/nix-infra
Introduce colmena-deploy user
This commit is contained in:
parent
bd1d59e8b4
commit
1803025193
|
@ -3,7 +3,6 @@
|
|||
{
|
||||
nix = {
|
||||
settings = {
|
||||
trusted-users = [ "@wheel" ];
|
||||
auto-optimise-store = true;
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
};
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
# Sources for this configuration:
|
||||
# - a generated NixOS 23.05 configuration
|
||||
# - https://nixos.org/manual/nixos/stable/#sec-user-management
|
||||
# - https://git.grzb.de/yuri/nix-infra/-/blob/aa38daeea59f2ca12b7e591de6f8b61565780c48/configuration/common/default.nix#L19
|
||||
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
|
||||
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
|
@ -11,6 +14,7 @@ let
|
|||
ref = "trunk";
|
||||
rev = "1b625d752fe5f19fd110871b9e3dfc6c93d3495a";
|
||||
};
|
||||
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
||||
in
|
||||
{
|
||||
users.mutableUsers = false;
|
||||
|
@ -19,9 +23,17 @@ in
|
|||
isNormalUser = true;
|
||||
description = "Chaos";
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
||||
openssh.authorizedKeys.keys = authorizedKeys;
|
||||
};
|
||||
|
||||
users.users.colmena-deploy = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = authorizedKeys;
|
||||
};
|
||||
|
||||
nix.settings.trusted-users = [ "colmena-deploy" ];
|
||||
|
||||
# Since our user doesn't have a password, allow passwordless sudo for wheel.
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue