ops/nixos: add deployer user
This commit is contained in:
parent
bc50bdb7d2
commit
2508b6ed9a
2 changed files with 19 additions and 0 deletions
|
@ -35,7 +35,25 @@ in
|
|||
extraGroups = [ "wheel" ];
|
||||
hashedPassword = secrets.passwordHashes.lukegb;
|
||||
};
|
||||
deployer = {
|
||||
isSystemUser = true;
|
||||
uid = 1001;
|
||||
hashedPassword = "NP";
|
||||
openssh.authorizedKeys.keyFiles = [
|
||||
../../secrets/deployer_ed25519.pub
|
||||
];
|
||||
};
|
||||
};
|
||||
security.sudo.extraRules = [{
|
||||
users = [ "deployer" ];
|
||||
commands = [{
|
||||
command = "${rebuilder}/bin/rebuilder";
|
||||
options = [ "NOPASSWD" ];
|
||||
}];
|
||||
}];
|
||||
security.sudo.extraConfig = ''
|
||||
Defaults:deployer !requiretty
|
||||
'';
|
||||
|
||||
programs.mtr.enable = true;
|
||||
services.openssh.enable = true;
|
||||
|
|
1
ops/secrets/deployer_ed25519.pub
Normal file
1
ops/secrets/deployer_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz3ZptYA9SjCtZEQwF8/ACCO0W3Edh9asAmNGE2U4bQ lukegb@porcorosso
|
Loading…
Reference in a new issue