fix: hax up some pwless sudo

truxnell 2024-03-21 20:37:06 +11:00
parent c40d7d5b6d
commit d8482b4998
2 changed files with 13 additions and 18 deletions


@ -1,12 +1,6 @@
{ outputs
, lib
, config
, ...
{...
}:
let
inherit (config.networking) hostName;
hosts = outputs.nixosConfigurations;
in
{
services.openssh = {
@ -20,10 +14,14 @@ in
# Allow forwarding ports to everywhere
GatewayPorts = "clientspecified";
# Don't allow home-directory authorized_keys
# authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
};
};
security.pam.enableSSHAgentAuth = true;
# TODO fix pam, wheel no pass is a bit of a hack
# security.pam.enableSSHAgentAuth = true;
# TODO remove this hack
security.sudo.wheelNeedsPassword = false;
}
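Review bot: `security.sudo.wheelNeedsPassword = false;` lets any process running as a wheel user become root with no further proof, which is weaker than the agent check it replaces, since `enableSSHAgentAuth` made sudo ask a forwarded agent for an authorised key. File paths are not shown on this page, but this looks like the shared module the second file imports as `../../common/nixos/openssh.nix`, so the relaxation would reach every host that imports it rather than only the one being fixed. Until PAM is repaired, consider setting it per host or narrowing it with `security.sudo.extraRules` (one named user with `NOPASSWD`), and make the TODO state the exit condition: `# TODO: restore security.pam.enableSSHAgentAuth and security.pam.services.sudo.sshAgentAuth, then delete wheelNeedsPassword = false`. The "Don't allow home-directory authorized_keys" setting is still commented out, and agent-based sudo is only sound when the key files it trusts are not user-writable, so it is worth restoring in the same fix.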


@ -1,9 +1,10 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, lib, nixos-hardware, ... }:
{
# imports = [
# <nixos-hardware/raspberry-pi/4>
# ];
imports = [
# nixos-hardware.nixosModules.raspberry-pi-4
../../common/nixos/openssh.nix
];
nix = {
settings = {
@ -77,10 +78,6 @@
];
};
# Passwordless sudo when SSH'ing with keys
security.pam.enableSSHAgentAuth = true;
security.pam.services.sudo.sshAgentAuth = true;
# Free up to 1GiB whenever there is less than 100MiB left.
nix.extraOptions = ''
min-free = ${toString (100 * 1024 * 1024)}
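Review bot: The new `imports` entry is now where this host's sudo policy comes from, but nothing at the import site says so. The removed "Passwordless sudo when SSH'ing with keys" comment was the only local documentation, and a file named `openssh.nix` does not suggest it also changes sudo. A comment on the import line would keep that visible, for example `# NOTE: also sets security.sudo.wheelNeedsPassword = false (temporary)`, assuming the first file on this page is that module. Separately, the added `nixos-hardware` argument is only referenced by a commented-out line in the visible hunk, so it can be dropped until the hardware module is actually imported. The `nix.extraOptions` string continues past the end of this hunk.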