modules/deploy-rs-receiver: init
This commit is contained in:
parent
a0fa47ddda
commit
05a42b9dc8
2 changed files with 22 additions and 0 deletions
|
@ -3,6 +3,7 @@ with builtins;
|
|||
let
|
||||
aspects = {
|
||||
autopatch = import ./autopatch;
|
||||
deploy-rs-receiver = import ./deploy-rs-receiver;
|
||||
enterprise = import ./enterprise;
|
||||
hydra = import ./hydra;
|
||||
ipfs-lain = import ./ipfs-lain;
|
||||
|
@ -25,6 +26,7 @@ in rec {
|
|||
networking = [ ssh ];
|
||||
|
||||
server = [
|
||||
deploy-rs-receiver
|
||||
nix-config-server
|
||||
] ++ base ++ networking;
|
||||
};
|
||||
|
|
20
modules/deploy-rs-receiver/default.nix
Normal file
20
modules/deploy-rs-receiver/default.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
security.sudo.extraRules = [
|
||||
({
|
||||
users = [ "deploy" ];
|
||||
commands = [
|
||||
"NOPASSWD: /nix/store/*-activate-rs/activate-rs"
|
||||
"NOPASSWD: /run/current-system/sw/bin/rm /tmp/deploy-rs-canary-*"
|
||||
];
|
||||
runAs = "root";
|
||||
})
|
||||
];
|
||||
nix.trustedUsers = [ "deploy" ];
|
||||
users.users.deploy = {
|
||||
isNormalUser = true;
|
||||
uid = 1999;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmdWfmAs/0rno8zJlhBFMY2SumnHbTNdZUXJqxgd9ON max@jericho"
|
||||
];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue