fix: hax up some pwless sudo
parent
c40d7d5b6d
commit
d8482b4998
2 changed files with 13 additions and 18 deletions
|
@ -1,12 +1,6 @@
|
|||
{ outputs
|
||||
, lib
|
||||
, config
|
||||
, ...
|
||||
{...
|
||||
}:
|
||||
let
|
||||
inherit (config.networking) hostName;
|
||||
hosts = outputs.nixosConfigurations;
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
services.openssh = {
|
||||
|
@ -20,10 +14,14 @@ in
|
|||
# Allow forwarding ports to everywhere
|
||||
GatewayPorts = "clientspecified";
|
||||
# Don't allow home-directory authorized_keys
|
||||
|
||||
# authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
|
||||
};
|
||||
};
|
||||
|
||||
security.pam.enableSSHAgentAuth = true;
|
||||
# TODO fix pam, wheel no pass is a bit of a hack
|
||||
# security.pam.enableSSHAgentAuth = true;
|
||||
|
||||
# TODO remove this hack
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
}
|
||||
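Review bot: `security.sudo.wheelNeedsPassword = false;` in the second hunk drops sudo authentication for every wheel member on every host that imports this module, for local and service-spawned sessions as well as SSH logins. The `security.pam.enableSSHAgentAuth` line it appears to replace at least required a key held in the forwarded agent. If the hack has to stay for now, the TODO should name the condition for removing it, for example `# TODO(<issue-id placeholder>): re-enable sshAgentAuth for sudo and drop wheelNeedsPassword = false`. The bypass would also be safer behind a per-host opt-in than in the shared module. Separately, the comment `# Don't allow home-directory authorized_keys` sits above a commented-out `authorizedKeysFiles` line, so as shown it describes a restriction that is not in force; reword it to say so or re-enable the setting (which needs `lib` back in the module arguments, since the first hunk seems to remove it).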
|
|
|
@ -1,9 +1,10 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, nixos-hardware, ... }:
|
||||
|
||||
{
|
||||
# imports = [
|
||||
# <nixos-hardware/raspberry-pi/4>
|
||||
# ];
|
||||
imports = [
|
||||
# nixos-hardware.nixosModules.raspberry-pi-4
|
||||
../../common/nixos/openssh.nix
|
||||
];
|
||||
|
||||
nix = {
|
||||
settings = {
|
||||
|
@ -77,10 +78,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
# Passwordless sudo when SSH'ing with keys
|
||||
security.pam.enableSSHAgentAuth = true;
|
||||
security.pam.services.sudo.sshAgentAuth = true;
|
||||
|
||||
# Free up to 1GiB whenever there is less than 100MiB left.
|
||||
nix.extraOptions = ''
|
||||
min-free = ${toString (100 * 1024 * 1024)}
|
||||
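Review bot: Importing `../../common/nixos/openssh.nix` pulls that module's `security.sudo.wheelNeedsPassword = false;` and `GatewayPorts = "clientspecified";` onto this host. The hunk at -77 also removes `security.pam.enableSSHAgentAuth` and `security.pam.services.sudo.sshAgentAuth`, judging by the 10-to-6 line count. Root here therefore appears to go from "key present in the forwarded agent" to no check at all for wheel accounts, which is a wider change than the commit title suggests. If that is not intended for this machine, override it locally with `security.sudo.wheelNeedsPassword = lib.mkForce true;`, or keep the two agent-auth lines until the shared module is fixed. The new `nixos-hardware` argument is only referenced from a commented-out import, so it can be left out until that import is enabled. The attribute set continues outside both hunks.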
|
|