making a reduced permissions user for automation

author: Devin Finlinson <devin.finlinson@pm.me> 2024-02-14 08:34:00 -0700
committer: Devin Finlinson <devin.finlinson@pm.me> 2024-02-14 08:34:00 -0700
commit: f7593d6fc923692a8ba500f3fbe05d64fe9ffa58 (patch)
tree: 3d8d2bc7248b345098511ec4173bc87045328c96 /modules
parent: 152fcf721aa4227489a66b5c501f7c363d4168f2 (diff)
2 files changed, 16 insertions, 1 deletions
diff --git a/modules/users/defin.nix b/modules/users/defin.nix
index c156d7e..b437692 100644
--- a/modules/users/defin.nix
+++ b/modules/users/defin.nix
@@ -22,7 +22,6 @@
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrt3+N4+ahtXZCUn11evQsVGsGgAohGwafC29/a4fk defin@Radahn"
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkGcmYIYCe6GHsZZvnXqsedF0wn+AhGSr+RPJtUO/kl defin@khad"
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHslJRD5+7rytlVDzeZh6B/4XW8QWQ5dsWWDBbOXKTrJ defin@zenbook"
       ];
     };
   };
diff --git a/modules/users/git.nix b/modules/users/git.nix
new file mode 100644
index 0000000..494f4b5
--- /dev/null
+++ b/modules/users/git.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+	users = {
+		mutableUsers = false;
+		users.git = {
+			isNormaluser = false;
+			description = "user for git and building automation";
+			extraGroups = [ "builders" ];
+
+			openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHslJRD5+7rytlVDzeZh6B/4XW8QWQ5dsWWDBbOXKTrJ defin@zenbook"
+			];
+		};
+	};
+
+	services.openssh = { settings.PasswordAuthenitcation = false; };
+}
author	Devin Finlinson <devin.finlinson@pm.me>	2024-02-14 08:34:00 -0700
committer	Devin Finlinson <devin.finlinson@pm.me>	2024-02-14 08:34:00 -0700
commit	f7593d6fc923692a8ba500f3fbe05d64fe9ffa58 (patch)
tree	3d8d2bc7248b345098511ec4173bc87045328c96 /modules
parent	152fcf721aa4227489a66b5c501f7c363d4168f2 (diff)