From 83dfc24001e0846c9f631f3902fd7139a60439ba Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Tue, 17 Sep 2019 21:42:15 -0700
Subject: [depo] enable deploy user and change password settings
Disable password authentication for ssh. We only use key-based ssh auth and don't set passwords, so this shouldn't work anyway. Also enable passwordless sudo, since we don't set passwords.
---
 depo/nutin-madaj/default.nix | 8 +++++++-
 depo/users.nix | 3 ++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
index b2afae8..4d9dd02 100644
--- a/depo/nutin-madaj/default.nix
+++ b/depo/nutin-madaj/default.nix
@@ -54,6 +54,13 @@ nixos {
 withUtempter = true;
 };
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ };
+
+ security.sudo.wheelNeedsPassword = true;
+
 # our custom apps
 #services = {
 # ibb = {
@@ -83,6 +90,5 @@ nixos {
 #};
 boot.cleanTmpDir = true;
- services.openssh.enable = true;
 };
 }
diff --git a/depo/users.nix b/depo/users.nix
index 9093566..cd73996 100644
--- a/depo/users.nix
+++ b/depo/users.nix
@@ -8,7 +8,8 @@ in
 users = {
 # bots
 deploy = {
- isSystemUser = true;
+ isNormalUser = true;
+ home = "/home/deploy";
 openssh.authorizedKeys.keys = [ (key "deploy.pub") ];
 extraGroups = [ "wheel" ];
 };
-- cgit v1.2.3
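Review bot: `security.sudo.wheelNeedsPassword = true;` in the first default.nix hunk does the opposite of what the commit message describes ("enable passwordless sudo"). With this value wheel members are prompted for a password, and since the message says no passwords are set, sudo would presumably be unusable for `deploy`. If passwordless sudo is really the intent, the line should read `security.sudo.wheelNeedsPassword = false;`, ideally with a comment such as `# no account has a password; sudo is gated by the ssh key alone`. Separately, `passwordAuthentication = false;` does not cover keyboard-interactive login, which NixOS releases of this period left enabled by default, so consider adding `challengeResponseAuthentication = false;` to the same `services.openssh` block.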
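Review bot: In the users.nix hunk `deploy` keeps `extraGroups = [ "wheel" ];` while changing from a system user to a normal user with a home directory, so once sudo works without a password, whoever holds the private half of `deploy.pub` is effectively root on the host. If the bot only needs a handful of commands, drop `wheel` and grant just those through a `security.sudo.extraRules` entry for `deploy`. At minimum, document the trade-off above the block, e.g. `# wheel + sudo: holder of the deploy key is effectively root`. The `users` attribute set begins and ends outside the hunk, so other wheel members are not visible from here.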