2022-12-13 01:19:48 +00:00
|
|
|
# Mainly used for managing the installations with deploy-rs.
|
2022-11-25 13:25:40 +00:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
2022-12-04 23:17:57 +00:00
|
|
|
let
|
|
|
|
|
name = "admin";
|
|
|
|
|
in
|
2022-11-25 13:25:40 +00:00
|
|
|
{
|
2022-12-04 23:17:57 +00:00
|
|
|
users.users.${name} = {
|
2022-11-25 13:25:40 +00:00
|
|
|
description = "The administrator account for the servers.";
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
extraGroups = [ "wheel" ];
|
|
|
|
|
useDefaultShell = true;
|
2022-11-27 16:41:27 +00:00
|
|
|
openssh.authorizedKeys.keyFiles = [
|
2022-12-03 05:44:40 +00:00
|
|
|
../../home-manager/foo-dogsquared/files/ssh-key.pub
|
|
|
|
|
../../../hosts/ni/files/ssh-key.pub
|
2022-11-25 13:25:40 +00:00
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2022-12-13 01:19:48 +00:00
|
|
|
# We're going passwordless, baybee!
|
|
|
|
|
security.sudo.extraRules = [{
|
|
|
|
|
users = [ name ];
|
2022-12-14 09:33:05 +00:00
|
|
|
commands = [{
|
|
|
|
|
command = "ALL";
|
|
|
|
|
options = [ "NOPASSWD" ];
|
|
|
|
|
}];
|
2022-12-13 01:19:48 +00:00
|
|
|
}];
|
|
|
|
|
|
|
|
|
|
security.doas.extraRules = [{
|
|
|
|
|
users = [ name ];
|
|
|
|
|
noPass = true;
|
|
|
|
|
}];
|
|
|
|
|
|
2022-12-04 23:17:57 +00:00
|
|
|
# This is also a trusted user for the Nix daemon.
|
|
|
|
|
nix.settings.trusted-users = [ name ];
|
|
|
|
|
|
|
|
|
|
# Allow the user to easily enter into several services such as the database
|
|
|
|
|
# services to allowing some debugging.
|
|
|
|
|
services.postgresql.ensureUsers = [ { inherit name; } ];
|
|
|
|
|
services.mysql.ensureUsers = [ { inherit name; } ];
|
2022-11-25 13:25:40 +00:00
|
|
|
}
|
