nerf/defaultRoles #12

Merged
nerf merged 10 commits from nerf/nixConfig:nerf/defaultRoles into main 2023-10-05 21:15:32 +00:00
3 changed files with 8 additions and 3 deletions
Showing only changes of commit 44a0ef0ecd - Show all commits

View file

@ -5,7 +5,7 @@ let
admins = {
nerf = {
hashedPassword =
"$6$rounds=424242$FaEtIXMUScxgAYyF$Fl8GbPFgiEv.1iwrhtVpTixG1BTJys3aIfLyTzocQYZV4JymrYEXtnyCTURmVDe8stxbxgDutmtlyElfn1DQc/";
"$y$j9T$SJcjUIcs3JYuM5oyxfEQa/$tUBQT07FK4cb9xm.A6ZKVnFIPNOYMOKC6Dt6hadCuJ7";
Gonne marked this conversation as resolved
Review

Why does this user get a password? We didn't do that on our Debian machines with individual user accounts.

Why does this user get a password? We didn't do that on our Debian machines with individual user accounts.
Review

Basically my paranoia, makes privilege escalation on that machine harder.

It also makes sane user based console log ins possible. You might have noticed I disabled root
console (technically password) login.

Basically my paranoia, makes privilege escalation on that machine harder. It also makes sane user based console log ins possible. You might have noticed I disabled root console (technically password) login.
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdA4LpEGUUmN8esFyrNZXFb2GiBID9/S6zzhcnofQuP nerf@nerflap2"
];

View file

@ -1,6 +1,9 @@
{pkgs, config, lib, ...} : {
imports = [ ./admins.nix ];
imports = [
./admins.nix
./nix_keys.nix
];
nix = {
extraOptions = ''
experimental-features = nix-command flakes

View file

@ -1,4 +1,6 @@
{lib, ...} :
{
imports = [ ];
nix.settings.trusted-public-keys = [
"nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc="
];
}