qenya/nixfiles
1
0
Fork 0
Code Issues 5 Pull requests Actions Activity

Enable passwordless sudo on remote machines

Browse source 
Closes #2
This commit is contained in:
Katherina Walshe-Grey 2024-06-19 19:48:23 +01:00
parent 6fc5a2b1ea
commit f464d022e5
2 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
colmena/remote.nix
View file

@ -3,9 +3,13 @@
{ {
deployment = { deployment = {
targetHost = "${name}.birdsong.network"; targetHost = "${name}.birdsong.network";
targetUser = "qenya";
tags = [ "remote" ]; tags = [ "remote" ];
}; };
# Required for remote builds
security.sudo.wheelNeedsPassword = false;
imports = [ imports = [
../common/openssh.nix ../common/openssh.nix
]; ];

5
common/openssh.nix
View file

@ -12,9 +12,4 @@
services.fail2ban.enable = true; services.fail2ban.enable = true;
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
# Allow remote root login only from home network
# TODO: Find a less hacky way of doing remote deployment
users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys;
services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password";
} }