feat: add deploy-rs user config
This commit is contained in:
parent
d9f0ada04f
commit
f5d4d16c03
3 changed files with 14 additions and 13 deletions
|
@ -15,7 +15,7 @@
|
||||||
"sntrup761x25519-sha512@openssh.com"
|
"sntrup761x25519-sha512@openssh.com"
|
||||||
];
|
];
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
PermitRootLogin = "no";
|
PermitRootLogin = "prohibit-password";
|
||||||
StreamLocalBindUnlink = "yes";
|
StreamLocalBindUnlink = "yes";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -4,8 +4,6 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
|
|
||||||
|
|
||||||
nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts";
|
nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts";
|
||||||
mkCompletions = completions:
|
mkCompletions = completions:
|
||||||
lib.concatStringsSep "\n" (
|
lib.concatStringsSep "\n" (
|
||||||
|
@ -17,14 +15,18 @@
|
||||||
in {
|
in {
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
users.mutableUsers = false;
|
users = {
|
||||||
users.users.root.hashedPasswordFile = config.age.secrets."system/password-root".path;
|
mutableUsers = false;
|
||||||
|
users.root = {
|
||||||
users.users.winston = {
|
hashedPasswordFile = config.age.secrets."system/password-root".path;
|
||||||
|
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/mwLoiuaQ6KH+1IOvYO541gq37S43pYtMetilMG3v5"] ++ config.users.users.winston.openssh.authorizedKeys.keys;
|
||||||
|
};
|
||||||
|
users.winston = {
|
||||||
extraGroups = ["wheel"];
|
extraGroups = ["wheel"];
|
||||||
hashedPasswordFile = config.age.secrets."system/password-winston".path;
|
hashedPasswordFile = config.age.secrets."system/password-winston".path;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
openssh.authorizedKeys.keys = keys;
|
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
|
|
|
@ -41,8 +41,7 @@
|
||||||
deploy.nodes.main-node = {
|
deploy.nodes.main-node = {
|
||||||
hostname = "winston.sh";
|
hostname = "winston.sh";
|
||||||
profiles.system = {
|
profiles.system = {
|
||||||
user = "winston";
|
sshUser = "root";
|
||||||
remoteBuild = true;
|
|
||||||
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.main-node;
|
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.main-node;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue