Factorise users configurations #20
Reference: Fediversity/Fediversity#20
This PR merges all users-related configurations from VMs in infra/ into a infra/common/users.nix module. More factorisation will come in subsequent PRs. It builds on top of #19.

While merging these users configurations, I have come across some variations. Similarly to what I did in #19, I have taken the superset of those things. However, I think I can clean things up a bit. In particular:

Some machines did not have a hashedPassword for root and now they do. @koen @kevin> I guess that is fine, but should we not just remove password login for root entirely and remove this hashedPassword?

Some machines did not have a valentin user and now they do. @fricklerhandwerk> Do you actually need that? Wouldn't your SSH key on the root user suffice? In which case, which one: (or both) (I believe both are yours but I am not entirely sure)
infra/common
262067fa4cinfra/common
56f54e8ebdinfra/common
2fe8d72840infra/common
I agree on disabling sudo passwords, and removing passwords altogether. May even disable root login, as @koen noted on Matrix.
@ -0,0 +14,4 @@
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJzgwAYAoMexc1fBJxU08YmsiU9T4Ua8QFeE4/kZNZ5"
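Review bot: The key on the last line of this hunk, inside openssh.authorizedKeys.keys, has no trailing comment naming its owner, and the thread has to ask whose key it is. Because the account is in wheel via extraGroups = [ "wheel" ], append an owner comment to the key string or bind each key to a named per-person variable, so that the access this shared module grants can be audited from the file alone.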
This key is good.
The reason some have a hashed password and some don't is because we added that option later on, so older machines don't have it. I would recommend removing password login for root in case you need to save the machine from the terminal in the vm environment.
As for the user for valentin, like you earlier discussed with koen in the Matrix, it's better if we don't allow a direct login to root over ssh, so the user is needed.
@fricklerhandwerk> Is this your key?
83e55c89d6 to 67eddccc40

Merged with 1e8174799b.

Thank you for your comments, @kevin. I applied them as best I could. The only one I did not yet apply is to disable root SSH authentication, because NixOps4 doesn't allow that yet. It is tracked in #24.
Pull request closed
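The account hardening discussed in this thread (no root password, passwordless sudo for wheel, key-only SSH), written out as an added NixOS module sketch; it is not the PR's own infra/common/users.nix. The admin account name and the key are placeholders, and root keeps key-based SSH because the last comment says NixOps4 does not yet allow disabling it.

```nix
# Added example, hypothetical: not the contents of the PR's users.nix.
{ ... }:
let
  # Constructed placeholder key. Real entries should end with an owner
  # comment so every line of access can be attributed to a person.
  adminKeys = [
    "ssh-ed25519 AAAA_PLACEHOLDER_KEY admin@example"
  ];
in
{
  # Accounts and passwords are defined only by this module; changes made
  # on the machine with passwd or useradd do not survive a rebuild.
  users.mutableUsers = false;

  users.users.root = {
    # "!" can never match a password hash, so root has no password login
    # at all. This includes the VM console: rescue then depends on the keys.
    hashedPassword = "!";
    # Kept because the deployment tool still connects as root (see thread).
    openssh.authorizedKeys.keys = adminKeys;
  };

  # Hypothetical personal account, used instead of logging in as root.
  users.users.admin = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = adminKeys;
  };

  # Users have no passwords, so sudo cannot ask wheel members for one.
  security.sudo.wheelNeedsPassword = false;

  services.openssh = {
    enable = true;
    settings = {
      # Keys only, for every account.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Root may log in with a key but never with a password. Switch to
      # "no" once deployment no longer needs root over SSH.
      PermitRootLogin = "prohibit-password";
    };
  };
}
```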