nachtigall: move SSH private key from user to host

This commit is contained in:
teutat3s 2023-11-09 03:20:48 +01:00 committed by b12f
parent 43512ae6e7
commit 9c1d19d49f
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
2 changed files with 8 additions and 6 deletions

View file

@ -38,6 +38,14 @@
# https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets # https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets
systemd.services.zfs-mount.enable = false; systemd.services.zfs-mount.enable = false;
# Declarative SSH private key
age.secrets."nachtigall-root-ssh-key" = {
file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
path = "/root/.ssh/id_ed25519";
mode = "400";
owner = "root";
};
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you # servers. You should change this only after NixOS release notes say you

View file

@ -25,12 +25,6 @@
users.groups.hakkonaut = {}; users.groups.hakkonaut = {};
users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32"; users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
age.secrets."nachtigall-root-ssh-key" = {
file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
path = "/root/.ssh/id_ed25519";
mode = "400";
owner = "root";
};
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
} }