From 90976edeeca51bf14b9d3467338fd27180089eff Mon Sep 17 00:00:00 2001
From: Bun
Date: Sun, 1 Jun 2025 16:39:21 -0400
Subject: [PATCH] The sudo user was stupid. Provide a password protected key for the root user, have colmena go through that. As intended.
---
 modules/system/programs/colmena/default.nix | 4 ----
 modules/system/programs/default.nix | 1 -
 .../system/services/general/ssh/default.nix | 1 -
 .../settings/security/privilege/default.nix | 23 ++++---------------
 4 files changed, 4 insertions(+), 25 deletions(-)
 delete mode 100644 modules/system/programs/colmena/default.nix
diff --git a/modules/system/programs/colmena/default.nix b/modules/system/programs/colmena/default.nix
deleted file mode 100644
index a25b73f0..00000000
--- a/modules/system/programs/colmena/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ ... }:
-{
- deployment.targetUser = "sudo";
-}
diff --git a/modules/system/programs/default.nix b/modules/system/programs/default.nix
index 2b6eefc6..beb3354e 100644
--- a/modules/system/programs/default.nix
+++ b/modules/system/programs/default.nix
@@ -1,7 +1,6 @@
 { ... }:
 {
 imports = [
- ./colmena
 ./desktops
 ./gaming
 ./git
diff --git a/modules/system/services/general/ssh/default.nix b/modules/system/services/general/ssh/default.nix
index f1280759..90bd0dee 100644
--- a/modules/system/services/general/ssh/default.nix
+++ b/modules/system/services/general/ssh/default.nix
@@ -5,7 +5,6 @@
 services.openssh = {
 enable = true;
 settings = {
- AllowGroups = [ "users" ];
 AuthenticationMethods = "publickey";
 PermitEmptyPasswords = true;
 PrintLastLog = "no";
diff --git a/modules/system/settings/security/privilege/default.nix b/modules/system/settings/security/privilege/default.nix
index 0fac0ed7..0dd9a19c 100644
--- a/modules/system/settings/security/privilege/default.nix
+++ b/modules/system/settings/security/privilege/default.nix
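Review bot: In modules/system/services/general/ssh/default.nix the `settings` block is left without any account allow-list once `AllowGroups` is gone, so sshd will accept every account that carries an authorized key, and `PermitEmptyPasswords = true;` is still present in the surrounding context. If the line was removed only so that root can log in, the restriction can stay with root's group added, e.g. `AllowGroups = [ "users" "root" ];` (assuming root's primary group is `root` on these hosts). `PermitEmptyPasswords` appears inert while `AuthenticationMethods = "publickey"` is the only method, but it turns into an exposure as soon as password authentication is enabled, so `PermitEmptyPasswords = false;` is the safer value. The settings block continues outside the hunk; if `PermitRootLogin` is not set there, adding `PermitRootLogin = "prohibit-password";` pins key-only root login instead of relying on the module default.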
@@ -3,25 +3,10 @@
 security.sudo-rs = {
 enable = true;
 execWheelOnly = true;
- extraRules = [
- {
- users = [ "sudo" ];
- commands = [
- {
- command = "ALL";
- options = [ "NOPASSWD" ];
- }
- ];
- }
- ];
 };
- # Create a user that has admin non-interactively
- users.users.sudo = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
- ];
- };
+ # Allow root to be accessed via ssh
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
+ ];
 }
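Review bot: The entry added under `users.users.root.openssh.authorizedKeys.keys` gives an unrestricted root login to whoever holds the private key, and the passphrase mentioned in the commit message is a client-side property that the server can neither verify nor enforce. The string is written to authorized_keys as given, so it can carry OpenSSH key options: if deployments always originate from a known machine, a prefix such as `from="<deploy-host-or-cidr>",no-agent-forwarding,no-X11-forwarding` (placeholder address, inner quotes escaped for Nix) limits where the key is usable. The comment should state the purpose and the assumption, for example `# Root key used by colmena for deployments; private key must stay passphrase-protected on the deploy machine only`. This is the same public key the removed `sudo` user carried, so if the private half was ever stored without a passphrase, rotating it before promoting it to root would be prudent.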