modules/darwin/builder: various
- drop unnecessary description and group - use postActivation to give build user ssh access
This commit is contained in:
zowoq
parent
cbbece4fc3
commit
590a46c1e0
1 changed files with 5 additions and 8 deletions
|
|
@ -1,25 +1,22 @@
|
|||
{
|
||||
users.knownGroups = [ "nix" ];
|
||||
users.knownUsers = [ "nix" ];
|
||||
|
||||
users.groups.nix = {
|
||||
name = "nix";
|
||||
gid = 8765;
|
||||
description = "Group for remote build clients";
|
||||
};
|
||||
|
||||
users.users.nix = {
|
||||
name = "nix";
|
||||
uid = 8765;
|
||||
home = "/Users/nix";
|
||||
createHome = true;
|
||||
shell = "/bin/zsh";
|
||||
description = "User for remote build clients";
|
||||
# if user is removed the keys need to be removed manually from /etc/ssh/authorized_keys.d
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmdo1x1QkRepZf7nSe+OdEWX+wOjkBLF70vX9F+xf68 builder"
|
||||
];
|
||||
};
|
||||
|
||||
# add build user to group for ssh access
|
||||
system.activationScripts.postActivation.text = ''
|
||||
dseditgroup -o edit -a "nix" -t user com.apple.access_ssh
|
||||
'';
|
||||
|
||||
nix.settings.trusted-users = [ "nix" ];
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue