Enable passwordless sudo on remote machines

Closes #2
2024-06-19 19:48:23 +01:00 · 2024-06-19 19:48:23 +01:00 · f464d022e5
parent 6fc5a2b1ea
commit f464d022e5
2 changed files with 4 additions and 5 deletions
--- a/colmena/remote.nix
+++ b/colmena/remote.nix
@ -3,9 +3,13 @@
 {
  deployment = {
    targetHost = "${name}.birdsong.network";
+    targetUser = "qenya";
    tags = [ "remote" ];
  };

+  # Required for remote builds
+  security.sudo.wheelNeedsPassword = false;
+
  imports = [
    ../common/openssh.nix
  ];
--- a/common/openssh.nix
+++ b/common/openssh.nix
@ -12,9 +12,4 @@
  services.fail2ban.enable = true;

  networking.firewall.allowedTCPPorts = [ 22 ];
-
-  # Allow remote root login only from home network
-  # TODO: Find a less hacky way of doing remote deployment
-  users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys;
-  services.openssh.extraConfig = "Match Address 45.14.17.200\n    PermitRootLogin prohibit-password";
 }