28 lines
519 B
Nix
28 lines
519 B
Nix
{ config, lib, pkgs, ...}:
|
|
|
|
{
|
|
users.users.deploy = {
|
|
isNormalUser = true;
|
|
home = "/var/empty";
|
|
group = "deploy";
|
|
};
|
|
|
|
users.groups.deploy = {};
|
|
|
|
users.users.deploy.openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILXwl+UyfeN/9M/z21mlVS3guYEqIjtgAf5pCPkjXhR0"
|
|
];
|
|
|
|
security.sudo.extraRules = [
|
|
{
|
|
users = [ "deploy" ];
|
|
runAs = "root";
|
|
commands = [
|
|
{
|
|
command = "ALL";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
}
|