Enable sudo with ssh key
parent
41b1477a6c
commit
c9e07fd6ee
1 changed files with 27 additions and 13 deletions
|
@ -24,19 +24,33 @@ in
|
|||
default = [ default-key ];
|
||||
description = "The public keys to authorize";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = mkDefault (if format == "install-iso" then "yes" else "no");
|
||||
};
|
||||
};
|
||||
|
||||
aa.user.extraOptions = {
|
||||
openssh.authorizedKeys.keys = cfg.authorizedKeys;
|
||||
passwordlessSudo = lib.mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Enable passwordless sudo (use ssh key)";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable (
|
||||
lib.mkMerge [
|
||||
{
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = mkDefault (if format == "install-iso" then "yes" else "no");
|
||||
};
|
||||
};
|
||||
|
||||
aa.user.extraOptions = {
|
||||
openssh.authorizedKeys.keys = cfg.authorizedKeys;
|
||||
};
|
||||
}
|
||||
(lib.mkIf cfg.passwordlessSudo {
|
||||
security.pam.rssh.enable = true;
|
||||
security.pam.services.sudo.rssh = true;
|
||||
|
||||
})
|
||||
]
|
||||
);
|
||||
}
|
||||
|
|
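Review bot: `passwordlessSudo` is declared with `default = true;`, so every host that enables this module has sudo authenticated through pam_rssh without opting in; for a setting that grants root, `default = false;` is the safer starting point. The new `lib.mkIf cfg.passwordlessSudo` block also does not say which key file pam_rssh trusts. If it falls back to the user-writable `~/.ssh/authorized_keys` (worth confirming against the NixOS module's default), any process running as that user could add a key and reach root, whereas the keys set through `openssh.authorizedKeys.keys` are installed in a root-owned location. Consider pinning it in that block, for example `security.pam.rssh.settings.auth_key_file = "/etc/ssh/authorized_keys.d/\${user}";` (check the placeholder syntax before use). The option description could also state that sudo then depends on a reachable ssh-agent holding one of the authorized keys, e.g. `description = "Authenticate sudo against the caller's ssh-agent instead of a password";`. The module's option set and `let` bindings begin outside this hunk.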