diff options
| author | Franck Cuny <franck@fcuny.net> | 2026-01-24 11:03:00 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2026-01-24 11:03:00 -0800 |
| commit | 3b26e1404698491591023063afc7d94b28978dbb (patch) | |
| tree | ed4c4f0e313ceb3f2590ebd82d26fe74902e8ce6 /profiles | |
| parent | adding a new VM for testing (diff) | |
| download | infra-3b26e1404698491591023063afc7d94b28978dbb.tar.gz | |
ensure ssh keys for root are in the iso
Diffstat (limited to 'profiles')
| -rw-r--r-- | profiles/defaults.nix | 12 | ||||
| -rw-r--r-- | profiles/users/root.nix | 8 |
2 files changed, 10 insertions, 10 deletions
diff --git a/profiles/defaults.nix b/profiles/defaults.nix index 834c28d..ab11f81 100644 --- a/profiles/defaults.nix +++ b/profiles/defaults.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - adminUser, ... }: let @@ -19,6 +18,7 @@ in { imports = [ ./cgroups.nix + ./users/root.nix ]; boot = { @@ -122,15 +122,7 @@ in ## disable that slow "building man-cache" step documentation.man.generateCaches = lib.mkForce false; - users = { - mutableUsers = false; - users.root.openssh.authorizedKeys.keys = with adminUser.userinfo.sshPublicKeys; [ - onepassword - yubikey-personal-nano - yubikey-personal-keychain - yubikey-personal-backup - ]; - }; + users.mutableUsers = false; security.sudo.wheelNeedsPassword = false; diff --git a/profiles/users/root.nix b/profiles/users/root.nix new file mode 100644 index 0000000..4d432a5 --- /dev/null +++ b/profiles/users/root.nix @@ -0,0 +1,8 @@ +{ adminUser, ... }: +{ + users.users.root.openssh.authorizedKeys.keys = with adminUser.userinfo.sshPublicKeys; [ + yubikey-personal-nano + yubikey-personal-keychain + yubikey-personal-backup + ]; +} |