From f464d022e523fb38e946a67b57042a4e5c975c03 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey
Date: Wed, 19 Jun 2024 19:48:23 +0100
Subject: [PATCH] Enable passwordless sudo on remote machines

Closes #2
---
 colmena/remote.nix | 4 ++++
 common/openssh.nix | 5 -----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/colmena/remote.nix b/colmena/remote.nix
index efe4e6e..47191f7 100644
--- a/colmena/remote.nix
+++ b/colmena/remote.nix
@@ -3,9 +3,13 @@
 {
 deployment = {
 targetHost = "${name}.birdsong.network";
+ targetUser = "qenya";
 tags = [ "remote" ];
 };
+ # Required for remote builds
+ security.sudo.wheelNeedsPassword = false;
+
 imports = [
 ../common/openssh.nix
 ];
diff --git a/common/openssh.nix b/common/openssh.nix
index 5e9651a..6715088 100644
--- a/common/openssh.nix
+++ b/common/openssh.nix
@@ -12,9 +12,4 @@
 services.fail2ban.enable = true;
 networking.firewall.allowedTCPPorts = [ 22 ];
-
- # Allow remote root login only from home network
- # TODO: Find a less hacky way of doing remote deployment
- users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys;
- services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password";
 }
\ No newline at end of file
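Review bot: `security.sudo.wheelNeedsPassword = false;` in colmena/remote.nix lifts the password requirement for every member of wheel on each remote host, not only for the deployment user, so any process running as a wheel account reaches root with no further check. If only the `targetUser` needs this, a scoped rule such as `security.sudo.extraRules = [{ users = [ "qenya" ]; commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }]; }];` keeps the grant to that one account. The same commit removes the `Match Address` restriction in common/openssh.nix, so unless SSH access for qenya is limited elsewhere (not visible here), the root-equivalent login path is no longer tied to a source address while port 22 stays open. The comment would be more precise as `# Colmena deploys as a non-root targetUser, which needs sudo without a password prompt`. The attribute set opens before and closes after the lines shown in this hunk.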