modules/darwin/builder: various
- drop unnecessary description and group - use postActivation to give build user ssh access
This commit is contained in:
zowoq
parent
cbbece4fc3
commit
590a46c1e0
1 changed files with 5 additions and 8 deletions
|
|
@ -1,25 +1,22 @@
|
||||||
{
|
{
|
||||||
users.knownGroups = [ "nix" ];
|
|
||||||
users.knownUsers = [ "nix" ];
|
users.knownUsers = [ "nix" ];
|
||||||
|
|
||||||
users.groups.nix = {
|
|
||||||
name = "nix";
|
|
||||||
gid = 8765;
|
|
||||||
description = "Group for remote build clients";
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.nix = {
|
users.users.nix = {
|
||||||
name = "nix";
|
name = "nix";
|
||||||
uid = 8765;
|
uid = 8765;
|
||||||
home = "/Users/nix";
|
home = "/Users/nix";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
shell = "/bin/zsh";
|
shell = "/bin/zsh";
|
||||||
description = "User for remote build clients";
|
|
||||||
# if user is removed the keys need to be removed manually from /etc/ssh/authorized_keys.d
|
# if user is removed the keys need to be removed manually from /etc/ssh/authorized_keys.d
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmdo1x1QkRepZf7nSe+OdEWX+wOjkBLF70vX9F+xf68 builder"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmdo1x1QkRepZf7nSe+OdEWX+wOjkBLF70vX9F+xf68 builder"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# add build user to group for ssh access
|
||||||
|
system.activationScripts.postActivation.text = ''
|
||||||
|
dseditgroup -o edit -a "nix" -t user com.apple.access_ssh
|
||||||
|
'';
|
||||||
|
|
||||||
nix.settings.trusted-users = [ "nix" ];
|
nix.settings.trusted-users = [ "nix" ];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue