fix: hax up some pwless sudo

nixos/hosts/common/nixos/openssh.nix

@@ -1,12 +1,6 @@
-{ outputs
+{...
-, lib
-, config
-, ...
 }:
-let
+
-  inherit (config.networking) hostName;
-  hosts = outputs.nixosConfigurations;
-in
 {
 
   services.openssh = {
@@ -20,10 +14,14 @@ in
       # Allow forwarding ports to everywhere
       GatewayPorts = "clientspecified";
       # Don't allow home-directory authorized_keys
-
+      # authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
     };
   };
 
-  security.pam.enableSSHAgentAuth = true;
+  # TODO fix pam, wheel no pass is a bit of a hack
+  # security.pam.enableSSHAgentAuth = true;
+
+  # TODO remove this hack
+  security.sudo.wheelNeedsPassword = false;
 
 }

nixos/hosts/images/sd-image/default.nix

@@ -1,9 +1,10 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, nixos-hardware, ... }:
 
 {
-  # imports = [
+  imports = [
-  #   <nixos-hardware/raspberry-pi/4>
+    # nixos-hardware.nixosModules.raspberry-pi-4
-  # ];
+    ../../common/nixos/openssh.nix
+  ];
 
   nix = {
     settings = {
@@ -77,10 +78,6 @@
     ];
   };
 
-  # Passwordless sudo when SSH'ing with keys
-  security.pam.enableSSHAgentAuth = true;
-  security.pam.services.sudo.sshAgentAuth = true;
-
   # Free up to 1GiB whenever there is less than 100MiB left.
   nix.extraOptions = ''
     min-free = ${toString (100 * 1024 * 1024)}