authorAlex Auvolat <alex@adnab.me>2021-12-30 18:09:20 +0100
committerAlex Auvolat <alex@adnab.me>2021-12-30 18:09:20 +0100
commit230c1d727b951e032603a5c776f540003829bff6 (patch)
tree41969732e72904cd8a1cfa5b0fc7715406c5cd2f /configuration.nix
parent2ae33755927ca1c6fa84cdf3ef2aa75ea6b7edaa (diff)
Increase security: sudo with password, no more docker group for users
Diffstat (limited to 'configuration.nix')
-rw-r--r--configuration.nix12
1 files changed, 4 insertions, 8 deletions
diff --git a/configuration.nix b/configuration.nix
index bb44c40..649e7e8 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -115,7 +115,6 @@ in
extraGroups = [
"wheel" # Enable ‘sudo’ for the user.
"video" # Having fun with links -g
- "docker" # Enable management of Docker containers
];
openssh.authorizedKeys.keys = [
# Keys for accessing nodes from outside
@@ -126,7 +125,7 @@ in
users.users.quentin = {
isNormalUser = true;
- extraGroups = [ "wheel" "docker" ];
+ extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT1+H08FdUSvdPpPKdcafq4+JRHvFVjfvG5Id97LAoROmFRUb/ZOMTLdNuD7FqvW0Da5CPxIMr8ZxfrFLtpGyuG7qdI030iIRZPlKpBh37epZHaV+l9F4ZwJQMIBO9cuyLPXgsyvM/s7tDtrdK1k7JTf2EVvoirrjSzBaMhAnhi7//to8zvujDtgDZzy6aby75bAaDetlYPBq2brWehtrf9yDDG9WAMYJqp//scje/WmhbRR6eSdim1HaUcWk5+4ZPt8sQJcy8iWxQ4jtgjqTvMOe5v8ZPkxJNBine/ZKoJsv7FzKem00xEH7opzktaGukyEqH0VwOwKhmBiqsX2yN quentin@dufour.io"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBu+KUebaWwlugMC5fGbNhHc6IaQDAC6+1vMc4Ww7nVU1rs2nwI7L5qcWxOwNdhFaorZQZy/fJuCWdFbF61RCKGayBWPLZHGPsfqDuggYNEi1Qil1kpeCECfDQNjyMTK058ZBBhOWNMHBjlLWXUlRJDkRBBECY0vo4jRv22SvSaPUCAnkdJ9rbAp/kqb497PTIb2r1l1/ew8YdhINAlpYQFQezZVfkZdTKxt22n0QCjhupqjfh3gfNnbBX0z/iO+RvAOWRIZsjPFLC+jXl+n7cnu2cq1nvST5eHiYfXXeIgIwmeENLKqp+2Twr7PIdv22PnJkh6iR5kx7eTRxkNZdN quentin@deuxfleurs.fr"
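Review bot: The new `extraGroups = [ "wheel" ];` line for quentin has no comment recording why `docker` was dropped, and the same holds for the adrien, maximilien and kokakiwi hunks below. Membership in the docker group grants access to the Docker daemon socket, which is effectively root on the host and would sidestep the sudo password this commit starts requiring, so a later edit could quietly undo the hardening. I would add a comment at the first occurrence, for example `# No "docker" group: daemon socket access is root-equivalent; use sudo for docker commands`. Group membership is only re-read at login, so sessions opened before the deploy keep the old group until they are closed. The `users.users.quentin` block is closed outside this hunk.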
@@ -135,7 +134,7 @@ in
users.users.adrien = {
isNormalUser = true;
- extraGroups = [ "wheel" "docker" ];
+ extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBfVX+iQSHl3V0el3/y2Rtl9Q/nrmLoTE3oXnR+16yX7g8HvzU871q89jbE/UWvNRvO4hirTcKF8yojuq8ZRCoUcQO+6/YlPrY/2G8kFhPTlUGDQ+mLT+ancZsom4mkg3I9oQjKZ9qxMD1GuU8Ydz4eXjhJ8OGFZhBpEgnrLmdA53Y5d2fCbaZN5EYD4sWEFYN7xBLxTGNwv0gygiPs967Z4/ZfHngTvqVoS9wnQThSCIoXPTWFAJCkN8dC5tPZwnbOT1bGcYUF0VTrcaD6cU6Q1ZRrtyqXxnnyxpQCAoe2hgdIm+LnDsBx9trfPauqi0dXi36X8pLmudW1f1RmKWT adrien@bacigalupi"
];
@@ -143,7 +142,7 @@ in
users.users.maximilien = {
isNormalUser = true;
- extraGroups = [ "wheel" "docker" ];
+ extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHMMR6zNzz8NQU80wFquhUCeiXJuGphjP+zNouKbn228GyESu8sfNBwnuZq86vblR11Lz8l2rtCM73GfAKg29qmUWUHRKWvRIYWv2vaUJcCdy0bAxIzcvCvjZX0SpnIKxe9y3Rp0LGO5WLYfw0ZFaavwFZP0Z8w1Kj9/zBmL2X2avbhkaYHi/C1yXhbvESYQysmqLa48EX/TS616MBrgR9zbI9AoTQ9NOHnR14Tve/AP/khcZoBJdm4hTttMbNkEc0wonzdylTDew263SPRs/uoqnQIpUtErdPHqU10Yup8HjXjEyFJsSwcZcM5sZOw5JKckKJwmcd0yjO/x/4/Mk5"
];
@@ -151,15 +150,12 @@ in
users.users.kokakiwi = {
isNormalUser = true;
- extraGroups = [ "wheel" "docker" ];
+ extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPTsEgcOtb2bij+Ih8eg8ZqO7d3IMiWykv6deMzlSSS kokakiwi@kira"
];
};
- # Passwordless sudo
- security.sudo.wheelNeedsPassword = false;
-
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
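Review bot: Removing `security.sudo.wheelNeedsPassword = false;` makes sudo ask for a password, but none of the user definitions visible in this diff sets `hashedPassword` or `initialPassword`; they only list SSH keys. Unless passwords are provisioned somewhere not shown here, wheel members would have no way to use sudo after the switch, and if `users.mutableUsers` is disabled they could not set one with `passwd` either. I would keep a comment in place of the removed one that says where passwords come from, for example `# sudo requires a password (NixOS default); passwords are set via <provisioning method>`. It is also worth confirming that a console or root recovery path exists before rolling this out to remote nodes.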