Configured remote deployments

Also includes some misc fixes for bugs I ran into along the way.
2023-04-16 10:07:42 -07:00 · 2023-04-16 10:07:42 -07:00 · 58efac7f13
commit 58efac7f13
parent 7d8328b880
9 changed files with 107 additions and 32 deletions
--- a/modules/services/nix-serve/default.nix
+++ b/modules/services/nix-serve/default.nix
@ -22,6 +22,8 @@ in {
  };

  config = mkIf cfg.enable {
+    nix.settings.allowed-users = ["nix-serve"];
+
    services = {
      nix-serve = {
        enable = true;
--- a/modules/services/openssh/default.nix
+++ b/modules/services/openssh/default.nix
@ -21,22 +21,23 @@ in {
      default = [default-key];
      description = "The public keys to authorize";
    };
+  };

-    config = mkIf config.enable {
-      services.openssh = {
-        enable = true;
-        settings = {
-          PasswordAuthentication = false;
-          PermitRootLogin =
-            if format == "install-iso"
-            then true
-            else false;
-        };
+  config = mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = mkDefault (
+          if format == "install-iso"
+          then "yes"
+          else "no"
+        );
      };
+    };

-      aa.home.extraOptions = {
-        programs.openssh.authorizedKeys.keys = cfg.authorizedKeys;
-      };
+    aa.user.extraOptions = {
+      openssh.authorizedKeys.keys = cfg.authorizedKeys;
    };
  };
 }