The sudo user was stupid. Provide a password protected key for the root user, have colmena go through that. As intended.

2025-06-01 16:39:21 -04:00 · 2025-06-01 16:39:21 -04:00 · 90976edeec
commit 90976edeec
parent e5abaafa8d
4 changed files with 4 additions and 25 deletions
--- a/modules/system/settings/security/privilege/default.nix
+++ b/modules/system/settings/security/privilege/default.nix
@ -3,25 +3,10 @@
  security.sudo-rs = {
    enable = true;
    execWheelOnly = true;
-    extraRules = [
-      {
-        users = [ "sudo" ];
-        commands = [
-          {
-            command = "ALL";
-            options = [ "NOPASSWD" ];
-          }
-        ];
-      }
-    ];
  };

-  # Create a user that has admin non-interactively
-  users.users.sudo = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
-    ];
-  };
+  # Allow root to be accessed via ssh
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
+  ];
 }