feat(common): add deploy user

2025-01-02 19:59:05 +00:00 · 2025-01-02 19:59:05 +00:00 · b62d7c32b1
commit b62d7c32b1
parent b873bfd34c
4 changed files with 15 additions and 5 deletions
--- a/common/generic.nix
+++ b/common/generic.nix
@ -4,6 +4,7 @@
  ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.trusted-users = [ "@wheel" "deploy" ];

  boot.tmp.cleanOnBoot = true;
  boot.supportedFilesystems = [ "ntfs" ];
@ -38,6 +39,20 @@
    extraGroups = [ "wheel" "audio" "dialout" "adbusers" ];
  };

+  users.groups.deploy = {};
+  users.users.deploy = {
+    description = "Deploy";
+    group = "deploy";
+    isNormalUser = false;
+    isSystemUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOfH436QTUDSNGd254ADoyBKNRL4Y+abCeWXLt5liW3 deploy@ashhhleyyy.dev"
+    ];
+  };
+  security.sudo.extraRules = [
+    { users = [ "deploy" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
+  ];
+
  security.doas.enable = true;
  security.doas.wheelNeedsPassword = false;

--- a/hosts/amy/configuration.nix
+++ b/hosts/amy/configuration.nix
@ -21,8 +21,6 @@

  console.keyMap = "uk";

-  nix.settings.trusted-users = [ "@wheel" ];
-
  nixpkgs.config.allowUnfree = true;

  services.openssh = {
--- a/hosts/jessica/configuration.nix
+++ b/hosts/jessica/configuration.nix
@ -21,7 +21,6 @@

  console.keyMap = "uk";

-  nix.settings.trusted-users = [ "@wheel" ];

  nixpkgs.config.allowUnfree = true;

--- a/hosts/lea/configuration.nix
+++ b/hosts/lea/configuration.nix
@ -24,8 +24,6 @@

  console.keyMap = "uk";

-  nix.settings.trusted-users = [ "@wheel" ];
-
  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [