remove old monitoring user and try to fix sudo for the new user
This commit is contained in:
parent
05459a50e1
commit
cd10452112
|
@ -1,22 +1,18 @@
|
||||||
{ lib, pkgs, ... }:
|
{ lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
agentcmd = "${ (pkgs.callPackage ./checkmk-agent/default.nix { }) }/bin/check_mk_agent.sshwrapper";
|
agentcmd = "${ (pkgs.callPackage ./checkmk-agent/default.nix { }) }/bin/check_mk_agent.sshwrapper";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users.users.mon = {
|
users.users.mon = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
''restrict,command="${ agentcmd }" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHkivi9Ye/Uj4ZQxrEfarSaz0iLF/XXhY/crNsLoDMu checkmk''
|
''restrict,command="${ agentcmd }" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHkivi9Ye/Uj4ZQxrEfarSaz0iLF/XXhY/crNsLoDMu checkmk''
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
security.sudo.extraRules = [ {
|
security.sudo.extraConfig = ''
|
||||||
users = [ "mon" ];
|
## Allow the monitor user to run commands as root
|
||||||
commands = [ {
|
mon ALL=(ALL) NOPASSWD: ALL
|
||||||
command = agentcmd;
|
'';
|
||||||
options = [ "NOPASSWD" ];
|
|
||||||
} ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
10
sshusers.nix
10
sshusers.nix
|
@ -31,13 +31,5 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users.users = (lib.genAttrs [ "tokudan" "Entil_Zha" "alexander" "kantorkel" "djerun" "nico22" ] mkuser) // {
|
users.users = (lib.genAttrs [ "tokudan" "Entil_Zha" "alexander" "kantorkel" "djerun" "nico22" ] mkuser);
|
||||||
jamonitor = { name = "jamonitor"; isNormalUser = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCdIGniuakk1Li8gkpGABVBgkkUGGWYcM9qQRgcuYiKK/agidZ9KQ6YktOjakWsSPRpB2OHzr8GHaVpKMNlkAsq4W20d9RrO1+FrP96rNm/Op3X10SDNMdD5qcMq36BWxMig/8L75pbGqEZmcOi4/ZbgzaTh+lWTGG/1d2xwzi99BO0YeimDoZ+fAOqxfJAVirJVBuhqf+H9FGkD1G6zdDv+EzOnj4TT70LFNC90NoVFvus2nxVv8vY1kLLVSkNMIgZXn87A7GcmjrKUmONcfx/rgkt2VwsKS7Cj2YWz8ihiy7p5wg+oS/62BTFbKcLwwpcBaMwLiESuj1+fRgjwkwaqWcVeJAzjsAuLtGtIOWeWXCUlkyv9WoFE7he0tTB76tW5ysy3ibMmFE3duPAtn7Q3Rsu4n4UL2kKdtjVqFsW3AkTi+U7gsd17K84VoCf5Is2hNqKzjXBdCs/a57ZcrwOmMqGJZJp49XTW8EEAT/Emur0b2J4BcF4z/3oqrs/h8LIyoSjLhamT9EoODHb/6iz/xRbymCzoiu1CMRUQuqThlqe7uN5InjOyXbaWmjdN+svRik4CzQ9J+xCkuw+BzhwsPu8EKV5Yo4Uvpr6UTxXzuHN5GxrUFwD8d7VBSJPuY6DfhSNwCIPB2awUxXwFhdENM2zFWEbzGQcZ1DhUh3/5w=="
|
|
||||||
]; };
|
|
||||||
};
|
|
||||||
security.sudo.extraConfig = ''
|
|
||||||
## Allow the monitor user to run commands as root
|
|
||||||
jamonitor ALL=(ALL) NOPASSWD: ALL
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue