Enable sudo with ssh key
parent
41b1477a6c
commit
22a3d8daca
1 changed files with 23 additions and 11 deletions
|
@ -24,9 +24,15 @@ in
|
||||||
default = [ default-key ];
|
default = [ default-key ];
|
||||||
description = "The public keys to authorize";
|
description = "The public keys to authorize";
|
||||||
};
|
};
|
||||||
|
passwordlessSudo = lib.mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = "Enable passwordless sudo (use ssh key)";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable lib.mkMerge [
|
||||||
|
{
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -38,5 +44,11 @@ in
|
||||||
aa.user.extraOptions = {
|
aa.user.extraOptions = {
|
||||||
openssh.authorizedKeys.keys = cfg.authorizedKeys;
|
openssh.authorizedKeys.keys = cfg.authorizedKeys;
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
|
(lib.mkIf cfg.passwordlessSudo {
|
||||||
|
security.pam.rssh.enable = true;
|
||||||
|
security.pam.services.sudo.rssh = true;
|
||||||
|
|
||||||
|
})
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
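Review bot: The new `config = mkIf cfg.enable lib.mkMerge [` line does not group the way it reads, because Nix function application is left-associative: `mkIf` receives `lib.mkMerge` itself as its content and the result is then applied to the list, which should fail at evaluation. Parenthesise it as `config = mkIf cfg.enable (lib.mkMerge [ … ]);`. Separately, `passwordlessSudo` is declared with `default = true`, so every host that enables this module accepts a forwarded SSH agent as sufficient for sudo, and root on the host is then only as well protected as whichever machine holds the agent socket; `default = false;` with explicit opt-in per host would be the safer default. The option description could also state which key file rssh trusts (presumably the keys from `cfg.authorizedKeys`, though that is not visible in these hunks) and that it must not be writable by the user.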