From a3721b311e8aabbebfab76088f8279f2ea3499b5 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey <git@katherina.rocks>
Date: Wed, 19 Jun 2024 19:48:23 +0100
Subject: [PATCH] Enable passwordless sudo on remote machines

Closes #2
---
 colmena/remote.nix            |  4 ++++
 common/openssh.nix            |  5 -----
 hosts/tohru/configuration.nix |  1 +
 hosts/tohru/syncthing.nix     | 16 ++++++++++++++++
 4 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 hosts/tohru/syncthing.nix

diff --git a/colmena/remote.nix b/colmena/remote.nix
index efe4e6e..47191f7 100644
--- a/colmena/remote.nix
+++ b/colmena/remote.nix
@@ -3,9 +3,13 @@
 {
   deployment = {
     targetHost = "${name}.birdsong.network";
+    targetUser = "qenya";
     tags = [ "remote" ];
   };
 
+  # Required for remote builds
+  security.sudo.wheelNeedsPassword = false;
+
   imports = [
     ../common/openssh.nix
   ];
diff --git a/common/openssh.nix b/common/openssh.nix
index 5e9651a..6715088 100644
--- a/common/openssh.nix
+++ b/common/openssh.nix
@@ -12,9 +12,4 @@
   services.fail2ban.enable = true;
 
   networking.firewall.allowedTCPPorts = [ 22 ];
-
-  # Allow remote root login only from home network
-  # TODO: Find a less hacky way of doing remote deployment
-  users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys;
-  services.openssh.extraConfig = "Match Address 45.14.17.200\n    PermitRootLogin prohibit-password";
 }
\ No newline at end of file
diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix
index 70865b3..c30e2ee 100644
--- a/hosts/tohru/configuration.nix
+++ b/hosts/tohru/configuration.nix
@@ -7,6 +7,7 @@
       ./home.nix
       ../../common/fonts.nix
       ../../common/gaming.nix
+      ./syncthing.nix
     ];
 
   boot.loader.systemd-boot.enable = true;
diff --git a/hosts/tohru/syncthing.nix b/hosts/tohru/syncthing.nix
new file mode 100644
index 0000000..4d8f10d
--- /dev/null
+++ b/hosts/tohru/syncthing.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.syncthing = {
+    enable = true;
+    user = "qenya";
+    dataDir = "/data/syncthing";
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      devices = {
+        "kilgharrah" = { id = "RDT7IGD-76FZ6LY-37PPB2W-DWPQRPR-LZ4AXF7-4GIIHYJ-RVXUUSG-ZXPN3AZ"; };
+      };
+    };
+  };
+}