fix: hax up some pwless sudo

truxnell 2024-03-21 20:37:06 +11:00
parent c40d7d5b6d
commit d8482b4998
2 changed files with 13 additions and 18 deletions


@ -1,12 +1,6 @@
{ outputs {...
, lib
, config
, ...
}: }:
let
inherit (config.networking) hostName;
hosts = outputs.nixosConfigurations;
in
{ {
services.openssh = { services.openssh = {
@ -20,10 +14,14 @@ in
# Allow forwarding ports to everywhere # Allow forwarding ports to everywhere
GatewayPorts = "clientspecified"; GatewayPorts = "clientspecified";
# Don't allow home-directory authorized_keys # Don't allow home-directory authorized_keys
# authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
}; };
}; };
security.pam.enableSSHAgentAuth = true; # TODO fix pam, wheel no pass is a bit of a hack
# security.pam.enableSSHAgentAuth = true;
# TODO remove this hack
security.sudo.wheelNeedsPassword = false;
} }
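Review bot: `security.sudo.wheelNeedsPassword = false;` at the end of this section makes every wheel account root-equivalent, so a stolen SSH key, or any process already running as a wheel user, reaches root with no further authentication. The other file in this commit drops `security.pam.services.sudo.sshAgentAuth = true;` and imports `../../common/nixos/openssh.nix`, which appears to be this file, so the relaxed policy would follow the import to every host that uses the module; confirm that scope is intended. Until agent-based sudo works again, a narrower exception is safer, for example a NOPASSWD rule for one named user through `security.sudo.extraRules`, and the TODO should record what blocks the PAM setup so the hack has a clear exit condition. Separately, the comment `# Don't allow home-directory authorized_keys` now seems to sit above a commented-out `authorizedKeysFiles` line, so it describes a restriction that is no longer applied; either restore the setting or reword the comment.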


@ -1,9 +1,10 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, nixos-hardware, ... }:
{ {
# imports = [ imports = [
# <nixos-hardware/raspberry-pi/4> # nixos-hardware.nixosModules.raspberry-pi-4
# ]; ../../common/nixos/openssh.nix
];
nix = { nix = {
settings = { settings = {
@ -77,10 +78,6 @@
]; ];
}; };
# Passwordless sudo when SSH'ing with keys
security.pam.enableSSHAgentAuth = true;
security.pam.services.sudo.sshAgentAuth = true;
# Free up to 1GiB whenever there is less than 100MiB left. # Free up to 1GiB whenever there is less than 100MiB left.
nix.extraOptions = '' nix.extraOptions = ''
min-free = ${toString (100 * 1024 * 1024)} min-free = ${toString (100 * 1024 * 1024)}