diff --git a/kat/gui/waybar.nix b/kat/gui/waybar.nix
index a3398dde..dd5e0c1a 100644
--- a/kat/gui/waybar.nix
+++ b/kat/gui/waybar.nix
@@ -1,4 +1,4 @@
-{ config, kittywitch, lib, pkgs, nixfiles, ... }:
+{ config, kittywitch, lib, pkgs, ... }:
 { xdg.configFile."waybar/style.css" = { inherit (kittywitch.sassTemplate { name = "waybar-style"; src = ./waybar.sass; }) source; };
diff --git a/nixos/common/access.nix b/nixos/common/access.nix
new file mode 100644
index 00000000..256edfad
--- /dev/null
+++ b/nixos/common/access.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }: let
+# TODO: solve lib usage
+inherit (lib.lists) concatLists elem;
+inherit (lib.attrsets) mapAttrsToList;
+in {
+ users.users.root = {
+ shell = pkgs.zsh;
+ hashedPassword =
+ "$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB.";
+ openssh.authorizedKeys.keys = concatLists (mapAttrsToList
+ (name: user:
+ if elem "wheel" user.extraGroups then
+ user.openssh.authorizedKeys.keys
+ else
+ [ ])
+ config.users.users);
+ };
+ }
diff --git a/nixos/gui/pam.nix b/nixos/gui/pam.nix
new file mode 100644
index 00000000..235899d4
--- /dev/null
+++ b/nixos/gui/pam.nix
@@ -0,0 +1,6 @@
+_: {
+ security.pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
+}
diff --git a/systems/default.nix b/systems/default.nix
index beab2a04..b27d2a83 100644
--- a/systems/default.nix
+++ b/systems/default.nix
@@ -122,8 +122,8 @@
 path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.${name};
 };
 hostname = "${name}.inskip.me";
- sshOpts = ["-p" "62954"]; # "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"];
- sshUser = "kat";
+ sshOpts = ["-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"];
+ sshUser = "root";
 user = "root";
 autoRollback = true;
 magicRollback = true;
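Review bot: The root password hash in `users.users.root` is committed as a literal `hashedPassword`, so it is readable by anyone who can read the repository and is copied into the world-readable Nix store, where it can be attacked offline. On NixOS releases that provide it, `hashedPasswordFile = "<path-to-secret-outside-the-store>";` (placeholder path) keeps the hash out of both. Separately, `openssh.authorizedKeys.keys` copies every `wheel` member's keys to root, so each of those keys becomes a direct root login that never passes through sudo or its PAM policy. A short comment stating that this is intended, or an explicit list of root keys, would make that trust decision visible. The `# TODO: solve lib usage` comment does not say what is unresolved.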
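Review bot: `login.u2fAuth = true;` and `sudo.u2fAuth = true;` enable pam_u2f without stating the control flag, so the effective policy depends on the module default of `security.pam.u2f.control`. As far as I know that default is `"sufficient"`, which lets a token touch replace the password instead of being required in addition to it. If a second factor is the intent, set `security.pam.u2f.control = "required";` next to these lines; if password-or-token is the intent, a one-line comment such as `# U2F is accepted in place of the password, not in addition to it` would record that. The file lives under `nixos/gui/` but changes `sudo` for every host that imports it, which is also worth a comment.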
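Review bot: Changing `sshUser` from `"kat"` to `"root"` makes every deploy a direct root SSH session, which requires key-based root login on each target and drops the per-user step that tied a deployment to a named account. The `sudo.u2fAuth` policy added in `nixos/gui/pam.nix` is never consulted on this path. If unprivileged login plus elevation is still workable, keeping `sshUser = "kat";` and relying on the existing `user = "root";` for activation preserves that boundary; otherwise restrict root's authorized keys to a dedicated deploy key. The new `sshOpts` line takes `builtins.head` of `services.openssh.ports`, which aborts evaluation for a host whose port list is empty, so a comment noting that assumption would help. The enclosing attribute set starts and ends outside this hunk.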