modules/deploy-rs-receiver: init
This commit is contained in:
parent
a0fa47ddda
commit
05a42b9dc8
2 changed files with 22 additions and 0 deletions
|
|
@ -3,6 +3,7 @@ with builtins;
|
||||||
let
|
let
|
||||||
aspects = {
|
aspects = {
|
||||||
autopatch = import ./autopatch;
|
autopatch = import ./autopatch;
|
||||||
|
deploy-rs-receiver = import ./deploy-rs-receiver;
|
||||||
enterprise = import ./enterprise;
|
enterprise = import ./enterprise;
|
||||||
hydra = import ./hydra;
|
hydra = import ./hydra;
|
||||||
ipfs-lain = import ./ipfs-lain;
|
ipfs-lain = import ./ipfs-lain;
|
||||||
|
|
@ -25,6 +26,7 @@ in rec {
|
||||||
networking = [ ssh ];
|
networking = [ ssh ];
|
||||||
|
|
||||||
server = [
|
server = [
|
||||||
|
deploy-rs-receiver
|
||||||
nix-config-server
|
nix-config-server
|
||||||
] ++ base ++ networking;
|
] ++ base ++ networking;
|
||||||
};
|
};
|
||||||
|
|
|
||||||
20
modules/deploy-rs-receiver/default.nix
Normal file
20
modules/deploy-rs-receiver/default.nix
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
{
|
||||||
|
security.sudo.extraRules = [
|
||||||
|
({
|
||||||
|
users = [ "deploy" ];
|
||||||
|
commands = [
|
||||||
|
"NOPASSWD: /nix/store/*-activate-rs/activate-rs"
|
||||||
|
"NOPASSWD: /run/current-system/sw/bin/rm /tmp/deploy-rs-canary-*"
|
||||||
|
];
|
||||||
|
runAs = "root";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
nix.trustedUsers = [ "deploy" ];
|
||||||
|
users.users.deploy = {
|
||||||
|
isNormalUser = true;
|
||||||
|
uid = 1999;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmdWfmAs/0rno8zJlhBFMY2SumnHbTNdZUXJqxgd9ON max@jericho"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue