users: add deploy

2025-08-30 18:13:07 +10:00 · 2025-08-30 18:13:07 +10:00 · cded5bfdf7
commit cded5bfdf7
parent 2a096e3d0d
2 changed files with 29 additions and 0 deletions
--- a/modules/users/deploy.nix
+++ b/modules/users/deploy.nix
@ -0,0 +1,28 @@
+{ config, lib, pkgs, ...}:
+
+{
+  users.users.deploy = {
+    isNormalUser = true;
+    home = "/var/empty";
+    group = "deploy";
+  };
+
+  users.groups.deploy = {};
+
+  users.users.deploy.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILXwl+UyfeN/9M/z21mlVS3guYEqIjtgAf5pCPkjXhR0"
+  ];
+
+  security.sudo.extraRules = [
+    {
+      users = [ "deploy" ];
+      runAs = "root";
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+}