jasmine/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

refactor(viridian): improve remote deployment security

Browse source 
- Remove passwordless sudo for wheel group
- Update deploy command to use -S flag for sudo password prompt
- Maintain secure remote access while enabling deployments
This commit is contained in:
♥ Minnie ♥ 2025-12-20 19:33:59 +08:00
parent efbbfecb2c
commit 1a931b76bd
Signed by: jasmine
GPG key ID: 8563E358D4E8040E
2 changed files with 1 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
justfile
View file

@ -8,5 +8,4 @@ switch *ARGS:
sudo nixos-rebuild switch --flake .#{{ARGS}} sudo nixos-rebuild switch --flake .#{{ARGS}}
deploy *ARGS: deploy *ARGS:
nixos-rebuild switch --flake .#{{ARGS}} --target-host {{ARGS}} --use-remote-sudo nixos-rebuild switch -S --flake .#{{ARGS}} --target-host {{ARGS}}

3
nixos/viridian/configuration.nix
View file

@ -49,9 +49,6 @@
oci-containers.backend = "docker"; oci-containers.backend = "docker";
}; };
# Required for smooth remote deployments
security.sudo.wheelNeedsPassword = false;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }