diff --git a/ops/nixos/lib/client.nix b/ops/nixos/lib/client.nix index 10ea35cec5..7cb77d77a1 100644 --- a/ops/nixos/lib/client.nix +++ b/ops/nixos/lib/client.nix @@ -9,6 +9,7 @@ in { config = { my.home-manager.imports = lib.mkAfter [ ./home-manager/client.nix ]; + programs.ssh.startAgent = true; nix.gc.automatic = false; }; } diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix index 4484dc9413..4cfb9837e9 100644 --- a/ops/nixos/lib/common.nix +++ b/ops/nixos/lib/common.nix @@ -57,8 +57,7 @@ in }; environment.homeBinInPath = true; - security.doas.wheelNeedsPassword = false; - security.sudo.wheelNeedsPassword = false; + security.pam.enableSSHAgentAuth = true; users.mutableUsers = false; users.users = let secrets = depot.ops.secrets; in { @@ -74,6 +73,7 @@ in ../../secrets/lukegb_porcorosso_win.pub ../../secrets/lukegb_porcorosso_wsl.pub ../../secrets/lukegb_porcorosso_linux.pub + ../../secrets/lukegb_red_solo.pub ]; }; deployer = { diff --git a/ops/secrets/lukegb_red_solo.pub b/ops/secrets/lukegb_red_solo.pub new file mode 100644 index 0000000000..b395bfd202 --- /dev/null +++ b/ops/secrets/lukegb_red_solo.pub @@ -0,0 +1 @@ +sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAgBXCPpGxeapXvRW8z+/ZFMXvZ9q+Z2mcn5ApCSKqkS7CQjlzTj7Z21/DRQEXQALALLyqfFhcDm1VZkEp/ruBYAAAAEc3NoOg== lukegb-red-solo-key