nachtigall: move SSH private key from user to host
This commit is contained in:
parent
43512ae6e7
commit
9c1d19d49f
|
@ -38,6 +38,14 @@
|
||||||
# https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets
|
# https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets
|
||||||
systemd.services.zfs-mount.enable = false;
|
systemd.services.zfs-mount.enable = false;
|
||||||
|
|
||||||
|
# Declarative SSH private key
|
||||||
|
age.secrets."nachtigall-root-ssh-key" = {
|
||||||
|
file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
|
||||||
|
path = "/root/.ssh/id_ed25519";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
# servers. You should change this only after NixOS release notes say you
|
# servers. You should change this only after NixOS release notes say you
|
||||||
|
|
|
@ -25,12 +25,6 @@
|
||||||
users.groups.hakkonaut = {};
|
users.groups.hakkonaut = {};
|
||||||
|
|
||||||
users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
|
users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
|
||||||
age.secrets."nachtigall-root-ssh-key" = {
|
|
||||||
file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
|
|
||||||
path = "/root/.ssh/id_ed25519";
|
|
||||||
mode = "400";
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue