test
parent
151ca5c435
commit
4649d579d4
7 changed files with 53 additions and 26 deletions
|
@ -4,7 +4,5 @@
|
||||||
home.file.".ssh/config".text = ''
|
home.file.".ssh/config".text = ''
|
||||||
Host 192.168.1.210
|
Host 192.168.1.210
|
||||||
StrictHostKeyChecking no
|
StrictHostKeyChecking no
|
||||||
Host nixos-vm-01
|
|
||||||
ForwardAgent yes
|
|
||||||
'';
|
'';
|
||||||
}
|
}
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, hostname, ... }: {
|
{ config, pkgs, hostname, ... }: {
|
||||||
|
# enable passwordless elevation
|
||||||
|
# Useful for deploy-rs
|
||||||
|
security.pam.enableSSHAgentAuth = true;
|
||||||
|
programs.ssh.startAgent = true;
|
||||||
|
programs.ssh.agentTimeout = "1h";
|
||||||
# By default no ports are open.
|
# By default no ports are open.
|
||||||
# When ./tailscale.nix is imported, port 22 on the tailscale interface is then opened.
|
# When ./tailscale.nix is imported, port 22 on the tailscale interface is then opened.
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
|
|
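Review bot: `security.pam.enableSSHAgentAuth = true;` now sits in the shared OpenSSH module, so every host importing it accepts an SSH-agent signature in place of a password wherever PAM agent auth is wired in (presumably sudo, given the "passwordless elevation" comment), and nothing here says which key files are trusted. If the effective key list includes a user-writable file such as `~/.ssh/authorized_keys`, any process running as that user can add a key and elevate. Restrict the trusted files to root-owned paths and say so in the comment, e.g. `# sudo accepts agent-held keys listed in root-owned /etc/ssh/authorized_keys.d/%u only`. Newer NixOS releases expose this as `security.pam.sshAgentAuth.authorizedKeysFiles`; check whether the pinned nixpkgs has it. The `services.openssh` block continues outside the hunk.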
@ -25,10 +25,6 @@
|
||||||
./hosts/${hostname}
|
./hosts/${hostname}
|
||||||
] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
|
] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
|
||||||
|
|
||||||
# enable passwordless elevation
|
|
||||||
# Useful for deploy-rs
|
|
||||||
security.pam.enableSSHAgentAuth = true;
|
|
||||||
|
|
||||||
# List packages installed in system profile
|
# List packages installed in system profile
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
sbctl # Secureboot Control
|
sbctl # Secureboot Control
|
||||||
|
|
|
@ -12,10 +12,6 @@
|
||||||
./users/${username}
|
./users/${username}
|
||||||
./hosts/${hostname}
|
./hosts/${hostname}
|
||||||
] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
|
] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
|
||||||
|
|
||||||
# enable passwordless elevation
|
|
||||||
# Useful for deploy-rs
|
|
||||||
security.pam.enableSSHAgentAuth = true;
|
|
||||||
|
|
||||||
# List packages installed in system profile
|
# List packages installed in system profile
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -18,10 +18,6 @@
|
||||||
./users/${username}
|
./users/${username}
|
||||||
./hosts/${hostname}
|
./hosts/${hostname}
|
||||||
];
|
];
|
||||||
|
|
||||||
# enable passwordless elevation
|
|
||||||
# Useful for deploy-rs
|
|
||||||
security.pam.enableSSHAgentAuth = true;
|
|
||||||
|
|
||||||
# List packages installed in system profile
|
# List packages installed in system profile
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -3,7 +3,7 @@ let
|
||||||
ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
|
ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
|
||||||
in {
|
in {
|
||||||
# Define a user account.
|
# Define a user account.
|
||||||
imports = [ ] ++ lib.optional (builtins.isString desktop) ./desktop.nix;
|
imports = [ /*./switcher.nix*/ ] ++ lib.optional (builtins.isString desktop) ./desktop.nix;
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
users.users.albert = {
|
users.users.albert = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
@ -22,15 +22,17 @@ in {
|
||||||
nix.settings.trusted-users = [ "albert" ];
|
nix.settings.trusted-users = [ "albert" ];
|
||||||
|
|
||||||
# No sudo password - deploy-rs
|
# No sudo password - deploy-rs
|
||||||
security.sudo.extraRules = [
|
# security.sudo.extraRules = [
|
||||||
{
|
# {
|
||||||
users = [ "albert" ];
|
# users = [ "albert" ];
|
||||||
commands = [
|
# commands = [
|
||||||
{
|
# {
|
||||||
command = "ALL";
|
# command = "ALL";
|
||||||
options = [ "NOPASSWD" ];
|
# options = [ "NOPASSWD" ];
|
||||||
}
|
# }
|
||||||
];
|
# ];
|
||||||
}
|
# }
|
||||||
];
|
# ];
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
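Review bot: The `NOPASSWD` rule in the second hunk is disabled by commenting out all eleven lines while the heading `# No sudo password - deploy-rs` stays, so the file now describes a rule that is not in effect; the first hunk does the same with `/*./switcher.nix*/` inside `imports`. Delete the dead block and replace the heading with a pointer to what grants elevation now, e.g. `# deploy-rs elevation: sudo via SSH agent auth, no NOPASSWD rule`, if that is indeed the intended mechanism. The context line `nix.settings.trusted-users = [ "albert" ];` still gives that account root-equivalent control of the Nix daemon, which deserves a comment of its own.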
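--- /dev/null
+++ b/nixos/users/albert/switcher.nix
@@ -0,0 +1,34 @@
+{self, ...}: {
+pkgs,
+config,
+...
+}: {
+# https://github.com/NobbZ/nixos-config/blob/a1c99894088f43a0ba31812ad53f0e09dc36f15a/nixos/modules/switcher.nix#L14-L31
+_file = ./switcher.nix;
+
+environment.systemPackages = [self.packages."${pkgs.system}".switcher];
+
+security.sudo.extraRules = let
+storePrefix = "/nix/store/*";
+systemName = "nixos-system-${config.networking.hostName}-*";
+in [
+{
+commands = [
+{
+command = "${storePrefix}-nix-*/bin/nix-env -p /nix/var/nix/profiles/system --set ${storePrefix}-${systemName}";
+options = ["NOPASSWD"];
+}
+];
+groups = ["wheel"];
+}
+{
+commands = [
+{
+command = "${storePrefix}-${systemName}/bin/switch-to-configuration";
+options = ["NOPASSWD"];
+}
+];
+groups = ["wheel"];
+}
+];
+}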
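Review bot: Both `NOPASSWD` commands are matched by glob, so the rule authorises more than the two programs it names: `${storePrefix}-nix-*/bin/nix-env` and `${storePrefix}-${systemName}/bin/switch-to-configuration` accept any store path whose name fits the pattern, and a store path with a chosen name can be produced by any user allowed to build. Sudoers also matches `*` in the argument part across spaces, so the trailing `*` of `systemName` in the `--set` argument does not limit the call to a single argument. For members of `wheel` this should be treated and documented as equivalent to unrestricted passwordless root. Pinning the binary narrows the first rule, e.g. `command = "${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set ${storePrefix}-${systemName}";`. The module is still commented out of `imports` in the users file, so none of this appears to be active yet.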