feat: add deploy-rs user config

winston 2024-09-16 20:57:30 +02:00
parent d9f0ada04f
commit f5d4d16c03
Signed by: winston
GPG key ID: 3786770EDBC2B481
3 changed files with 14 additions and 13 deletions


@ -15,7 +15,7 @@
"sntrup761x25519-sha512@openssh.com" "sntrup761x25519-sha512@openssh.com"
]; ];
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "prohibit-password";
StreamLocalBindUnlink = "yes"; StreamLocalBindUnlink = "yes";
}; };
}; };
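Review bot: Changing `PermitRootLogin` from `"no"` to `"prohibit-password"` opens direct root login over SSH to every key in root's authorized keys, and the only visible reason is the deploy-rs section of this commit (`sshUser = "root"`). As far as I know deploy-rs can connect as an unprivileged user and activate through sudo, e.g. `sshUser = "winston"; user = "root";`, which would let this line stay `PermitRootLogin = "no";`. If root SSH is kept, a comment such as `# key-only root login is required by deploy-rs (sshUser = "root")` would record why the hardening was relaxed. The sshd settings block starts outside this hunk.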


@ -4,8 +4,6 @@
pkgs, pkgs,
... ...
}: let }: let
keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts"; nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts";
mkCompletions = completions: mkCompletions = completions:
lib.concatStringsSep "\n" ( lib.concatStringsSep "\n" (
@ -17,14 +15,18 @@
in { in {
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
users.mutableUsers = false; users = {
users.users.root.hashedPasswordFile = config.age.secrets."system/password-root".path; mutableUsers = false;
users.root = {
users.users.winston = { hashedPasswordFile = config.age.secrets."system/password-root".path;
extraGroups = ["wheel"]; openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/mwLoiuaQ6KH+1IOvYO541gq37S43pYtMetilMG3v5"] ++ config.users.users.winston.openssh.authorizedKeys.keys;
hashedPasswordFile = config.age.secrets."system/password-winston".path; };
isNormalUser = true; users.winston = {
openssh.authorizedKeys.keys = keys; extraGroups = ["wheel"];
hashedPasswordFile = config.age.secrets."system/password-winston".path;
isNormalUser = true;
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
};
}; };
home-manager = { home-manager = {
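Review bot: Root's `openssh.authorizedKeys.keys` appends `config.users.users.winston.openssh.authorizedKeys.keys`, so every key ever added for winston also becomes a root login key, bypassing the password that sudo from the `wheel` group would presumably require. Listing only the dedicated deploy key for root keeps the two sets independent; that means dropping the `++ config.users.users.winston.openssh.authorizedKeys.keys` suffix. If the deploying machine has a stable address, an OpenSSH key option such as a `from="..."` prefix on that entry would narrow it further. The module body starts before and continues after this section.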


@ -41,8 +41,7 @@
deploy.nodes.main-node = { deploy.nodes.main-node = {
hostname = "winston.sh"; hostname = "winston.sh";
profiles.system = { profiles.system = {
user = "winston"; sshUser = "root";
remoteBuild = true;
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.main-node; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.main-node;
}; };
}; };
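Review bot: `remoteBuild = true;` is removed from `profiles.system`, but the commit message only mentions the user configuration. Without it the system closure is presumably built on the deploying machine and copied to `winston.sh` over the root session, which makes that machine part of the trust path for whatever is activated on the server. A short comment such as `# built locally and pushed; remoteBuild intentionally off`, or a line in the commit message, would show the change is deliberate.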