The sudo user was stupid. Provide a password protected key for the root user, have colmena go through that. As intended.

2025-06-01 16:39:21 -04:00 · 2025-06-01 16:39:21 -04:00 · 90976edeec
commit 90976edeec
parent e5abaafa8d
4 changed files with 4 additions and 25 deletions
--- a/modules/system/programs/colmena/default.nix
+++ b/modules/system/programs/colmena/default.nix
@ -1,4 +0,0 @@
 { ... }:
 {
  deployment.targetUser = "sudo";
 }
--- a/modules/system/programs/default.nix
+++ b/modules/system/programs/default.nix
@ -1,7 +1,6 @@
 { ... }:
 {
  imports = [
    ./colmena
    ./desktops
    ./gaming
    ./git
--- a/modules/system/services/general/ssh/default.nix
+++ b/modules/system/services/general/ssh/default.nix
@ -5,7 +5,6 @@
  services.openssh = {
    enable = true;
    settings = {
      AllowGroups = [ "users" ];
      AuthenticationMethods = "publickey";
      PermitEmptyPasswords = true;
      PrintLastLog = "no";
--- a/modules/system/settings/security/privilege/default.nix
+++ b/modules/system/settings/security/privilege/default.nix
@ -3,25 +3,10 @@
  security.sudo-rs = {
    enable = true;
    execWheelOnly = true;
    extraRules = [
      {
        users = [ "sudo" ];
        commands = [
          {
            command = "ALL";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ];
  };
-  # Create a user that has admin non-interactively
+  # Allow root to be accessed via ssh
-  users.users.sudo = {
+  users.users.root.openssh.authorizedKeys.keys = [
-    isNormalUser = true;
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
-    extraGroups = [ "wheel" ];
+  ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
    ];
  };
 }