ops/nixos: tidy up various warnings

Luke Granger-Brown 2024-03-01 17:29:10 +00:00
parent c7cb07f092
commit 41a28dc2f5
2 changed files with 11 additions and 2 deletions


@ -154,7 +154,12 @@ in
}; };
environment.homeBinInPath = true; environment.homeBinInPath = true;
security.pam.enableSSHAgentAuth = true; security.pam.sshAgentAuth = {
enable = true;
authorizedKeysFiles = [
(toString ../../secrets/ssh-agent-pam.pub)
];
};
security.pam.ussh = { security.pam.ussh = {
enable = true; enable = true;
control = "sufficient"; control = "sufficient";
@ -329,7 +334,7 @@ in
services.fwupd.enable = true; services.fwupd.enable = true;
# This is enabled independently of my.scrapeJournal.enable. # This is enabled independently of my.scrapeJournal.enable.
services.journald.enableHttpGateway = config.my.ip.tailscale != null || config.my.ip.tailscale6 != null; services.journald.gateway.enable = config.my.ip.tailscale != null || config.my.ip.tailscale6 != null;
systemd.sockets.systemd-journal-gatewayd.socketConfig = lib.optionalAttrs (config.my.ip.tailscale != null) { systemd.sockets.systemd-journal-gatewayd.socketConfig = lib.optionalAttrs (config.my.ip.tailscale != null) {
ListenStream = [ "" ] ++ (lib.optional (config.my.ip.tailscale != null) "${config.my.ip.tailscale}:19531") ++ (lib.optional (config.my.ip.tailscale6 != null) "[${config.my.ip.tailscale6}:19531"); ListenStream = [ "" ] ++ (lib.optional (config.my.ip.tailscale != null) "${config.my.ip.tailscale}:19531") ++ (lib.optional (config.my.ip.tailscale6 != null) "[${config.my.ip.tailscale6}:19531");
FreeBind = true; FreeBind = true;
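Review bot: `(toString ../../secrets/ssh-agent-pam.pub)` in the new `security.pam.sshAgentAuth.authorizedKeysFiles` evaluates to the file's path in whatever tree the configuration was evaluated from, and `toString` on a path does not add the file to the system closure. If that tree is a working checkout, the set of keys PAM trusts is a file the checkout's owner can edit, which is presumably what pinning `authorizedKeysFiles` is meant to prevent. If the system is built on another machine, the path may not exist on the target at all. Interpolating the path instead, `authorizedKeysFiles = [ "${../../secrets/ssh-agent-pam.pub}" ];`, copies the file into the Nix store, so the trusted keys are immutable and ship with the generation. A one-line comment above the block such as `# keys accepted by pam_ssh_agent_auth; must not be user-writable` would record the intent.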


@ -0,0 +1,4 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILid+1rq3k3k7Kbaw8X63vrPrQdanH55TucQwp3ZWfo+ lukegb@porcorosso
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAgBXCPpGxeapXvRW8z+/ZFMXvZ9q+Z2mcn5ApCSKqkS7CQjlzTj7Z21/DRQEXQALALLyqfFhcDm1VZkEp/ruBYAAAAEc3NoOg== lukegb@porcorosso
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINytpHct7PLdLNp6MoaOPP7ccBPUQKymVNMqix//Wt1f termius
cert-authority,principals="lukegb" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqNOwlR7Qa8cbGpDfSCOweDPbAGQOZIcoRgh6s/J8DR vault-clients
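Review bot: All four entries in this new file become credentials for `security.pam.sshAgentAuth` in the other file of this commit, so the list should hold only keys meant to satisfy PAM authentication, not a copy of a login `authorized_keys`. The `termius` key on the third line is presumably held by a client app, not by a host under this configuration, so it is worth confirming that it should carry that privilege. I am not certain that pam_ssh_agent_auth honours the `cert-authority,principals="lukegb"` option or accepts the `sk-ecdsa-sha2-nistp256@openssh.com` key type; test both lines so that an entry that is silently ignored, or matched more loosely than intended, is noticed. The file holds only public keys, so keeping it under `secrets/` is harmless but may mislead readers about its sensitivity.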