feat: add deploy-rs user config
This commit is contained in:
parent
d9f0ada04f
commit
f5d4d16c03
3 changed files with 14 additions and 13 deletions
|
@ -15,7 +15,7 @@
|
|||
"sntrup761x25519-sha512@openssh.com"
|
||||
];
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
PermitRootLogin = "prohibit-password";
|
||||
StreamLocalBindUnlink = "yes";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -4,8 +4,6 @@
|
|||
pkgs,
|
||||
...
|
||||
}: let
|
||||
keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
|
||||
|
||||
nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts";
|
||||
mkCompletions = completions:
|
||||
lib.concatStringsSep "\n" (
|
||||
|
@ -17,14 +15,18 @@
|
|||
in {
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
users.mutableUsers = false;
|
||||
users.users.root.hashedPasswordFile = config.age.secrets."system/password-root".path;
|
||||
|
||||
users.users.winston = {
|
||||
extraGroups = ["wheel"];
|
||||
hashedPasswordFile = config.age.secrets."system/password-winston".path;
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = keys;
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users.root = {
|
||||
hashedPasswordFile = config.age.secrets."system/password-root".path;
|
||||
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/mwLoiuaQ6KH+1IOvYO541gq37S43pYtMetilMG3v5"] ++ config.users.users.winston.openssh.authorizedKeys.keys;
|
||||
};
|
||||
users.winston = {
|
||||
extraGroups = ["wheel"];
|
||||
hashedPasswordFile = config.age.secrets."system/password-winston".path;
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
|
||||
};
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
|
|
|
@ -41,8 +41,7 @@
|
|||
deploy.nodes.main-node = {
|
||||
hostname = "winston.sh";
|
||||
profiles.system = {
|
||||
user = "winston";
|
||||
remoteBuild = true;
|
||||
sshUser = "root";
|
||||
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.main-node;
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue