ops/nixos: add deployer user
parent
bc50bdb7d2
commit
2508b6ed9a
2 changed files with 19 additions and 0 deletions
|
@ -35,7 +35,25 @@ in
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
hashedPassword = secrets.passwordHashes.lukegb;
|
hashedPassword = secrets.passwordHashes.lukegb;
|
||||||
};
|
};
|
||||||
|
deployer = {
|
||||||
|
isSystemUser = true;
|
||||||
|
uid = 1001;
|
||||||
|
hashedPassword = "NP";
|
||||||
|
openssh.authorizedKeys.keyFiles = [
|
||||||
|
../../secrets/deployer_ed25519.pub
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
security.sudo.extraRules = [{
|
||||||
|
users = [ "deployer" ];
|
||||||
|
commands = [{
|
||||||
|
command = "${rebuilder}/bin/rebuilder";
|
||||||
|
options = [ "NOPASSWD" ];
|
||||||
|
}];
|
||||||
|
}];
|
||||||
|
security.sudo.extraConfig = ''
|
||||||
|
Defaults:deployer !requiretty
|
||||||
|
'';
|
||||||
|
|
||||||
programs.mtr.enable = true;
|
programs.mtr.enable = true;
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
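Review bot: The sudo rule for `deployer` lists `${rebuilder}/bin/rebuilder` with `NOPASSWD` and no argument list, and in sudoers a command given without arguments matches any arguments, so whoever holds the key in `openssh.authorizedKeys.keyFiles` can do as root whatever `rebuilder` accepts. `rebuilder` is bound outside this hunk, so whether it validates its input cannot be checked here; if it activates a caller-supplied system closure, this key is root-equivalent and a comment on the rule should say so. The key is also installed without options, so it keeps port forwarding, agent forwarding and pty allocation as far as sshd_config allows; `openssh.authorizedKeys.keys = [ ("restrict " + builtins.readFile ../../secrets/deployer_ed25519.pub) ];` would limit it to command execution, which matches the `!requiretty` default added below. `hashedPassword = "NP";` deserves a comment such as `# not a valid crypt hash: password login disabled, key-only account`. `isSystemUser = true` alongside `uid = 1001` also looks inconsistent, since that uid sits in the normal-user range.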
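--- /dev/null
+++ b/ops/secrets/deployer_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz3ZptYA9SjCtZEQwF8/ACCO0W3Edh9asAmNGE2U4bQ lukegb@porcorosso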