roles/users: remove root ssh
This commit is contained in:
parent
c35f3a85d9
commit
83ea59ab99
1 changed files with 1 additions and 15 deletions
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, ... }:
|
{ lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
userImports =
|
userImports =
|
||||||
|
@ -18,18 +18,4 @@ in
|
||||||
|
|
||||||
# No mutable users
|
# No mutable users
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
|
|
||||||
# Assign keys from all users in wheel group
|
|
||||||
# This is only done because nixops cant be deployed from any other account
|
|
||||||
users.extraUsers.root.openssh.authorizedKeys.keys = lib.unique (
|
|
||||||
lib.flatten (
|
|
||||||
builtins.map (u: u.openssh.authorizedKeys.keys)
|
|
||||||
(
|
|
||||||
lib.attrValues (
|
|
||||||
lib.filterAttrs (_: u: lib.elem "wheel" u.extraGroups)
|
|
||||||
config.users.extraUsers
|
|
||||||
)
|
|
||||||
)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue