24 lines
523 B
Nix
24 lines
523 B
Nix
{
|
|
self,
|
|
super,
|
|
root,
|
|
}: {lib, ...}: {
|
|
nix.settings.trusted-users = ["deploy"]; # trust closures created by our user
|
|
|
|
users.groups.deploy = {};
|
|
users.users.deploy = {
|
|
isSystemUser = true;
|
|
useDefaultShell = true;
|
|
group = "deploy";
|
|
extraGroups = ["wheel"];
|
|
|
|
hashedPassword = lib.mkForce null;
|
|
hashedPasswordFile = lib.mkForce null;
|
|
password = lib.mkForce null;
|
|
passwordFile = lib.mkForce null;
|
|
|
|
openssh.authorizedKeys.keys = with root.sshKeys; [
|
|
xun_nixdesk
|
|
];
|
|
};
|
|
}
|