skyworks-Nix-infra/modules/users.nix at 8f61461674c1c372f80fcd322d76e55dcf315899

Fork: 0

Skyworks / skyworks-Nix-infra

Find file

Newer

Older

skyworks-Nix-infra / modules / users.nix

Dixiao-L 7 days ago 1 KB add ylw ed25519 key: agenix access, SSH auth, rekey all secrets

Raw Blame History

{ ... }:

{
  users.users.ldx = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMNHFTC5HMO3IsggHpA+eVSCyhZSmDZz7aV62IFt7sj"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFw6Bsat10YClOV0dQWXRUZlaAork5I1QVNBwkZebOM ldx@skydick"
    ];
  };

  users.users."ye-lw21" = {
    isNormalUser = true;
    uid = 1002;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGMOAuXpGQcwZDOiAbqnVOkBB4jjSs+awGa0WHpDhuZFo61mQNIoE3lozAO58HikY49+JwJccL+oJgA7VNzpy1hl711wbqj8CV3wjJflpnTla86XnXI30w6dlx7qd07JDoXYr6JvCOCk0nbwomXeekxm8Yw1hwjb476ryvZJDvFhIpSx+7j8oP+qlsUDKOhaMdpiDN71b8YihS7jTZvyw9958XB2AH1WjjV1foWk1ux0KIfkqTTZTPkvbkKBsuHFhHzp08OVXTNaROBz+iDcOm8JUodAO/Qbjcaw2pwENjThxwtuXDCYwYv9CN1rQ3lTXo5zC+8MqvGCZBbnhgIvTV8C5W1nRTpOC1d07r0CrNqq4PVPPW1FKBkhUhbuhJCawNjxgQvK2fwP9hZYstrYiXHVgGNmnv9Utg8ENB4fXYKHgFktGhWXMb8oYJkV9wSQuh86hnr3WAjmQu7dIRT02Sp+KPYskFIGQkDoC79PjUVGJC0HZAFLPIBozliF0u/58= ye-lw21-laptop@YLW-LAPTOP"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtRkddBvOX+uSeWBbKzYPRSkTSGAwZox2WiQLV5yVUv ylw-laptop@YLW-LAPTOP"
    ];
  };

  security.sudo.wheelNeedsPassword = true;

  # deploy-rs needs full NOPASSWD sudo — it runs activate-rs, nix-env,
  # switch-to-configuration, and confirmation commands via non-interactive SSH.
  # Only ldx is the deploy user; ye-lw21 uses password sudo via wheel.
  security.sudo.extraRules = [
    {
      users = [ "ldx" ];
      commands = [
        { command = "ALL"; options = [ "NOPASSWD" ]; }
      ];
    }
  ];
}