use ssh instead of sudo
Some checks failed
Activate NixOS Homelab Configuration On Push / deploy (push) Has been cancelled
parent
04700f6f65
commit
6e8692e44e
4 changed files with 25 additions and 28 deletions
|
|
@ -1,11 +1,4 @@
|
|||
{ lib, pkgs, homelab, ... }: {
|
||||
security.sudo.extraRules = [{ # for configuration activation on push to git
|
||||
users = [ "gitea-runner" ];
|
||||
commands = [{
|
||||
command = "/run/current-system/sw/bin/nixos-rebuild";
|
||||
options = [ "NOPASSWD" ];
|
||||
}];
|
||||
}];
|
||||
services = {
|
||||
forgejo = {
|
||||
enable = true;
|
||||
|
|
@ -51,17 +44,9 @@
|
|||
name = "nixos-server-runner";
|
||||
url = "https://git.proxy.${homelab.domain}";
|
||||
tokenFile = "/root/forgejo-token-runner";
|
||||
labels = [ "nixos-server" ];
|
||||
hostPackages = with pkgs; [ bash coreutils git nix nodejs sudo ];
|
||||
container.enable = false;
|
||||
};
|
||||
};
|
||||
systemd.services."gitea-runner-nixos-deploy" = {
|
||||
restartIfChanged = false;
|
||||
serviceConfig = {
|
||||
NoNewPrivileges = lib.mkForce false;
|
||||
RestrictSUIDSGID = lib.mkForce false;
|
||||
PrivateUsers = lib.mkForce false;
|
||||
labels = [ "nixos-server:host" ];
|
||||
hostPackages = with pkgs; [ bash coreutils git nix ];
|
||||
};
|
||||
};
|
||||
systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false;
|
||||
}
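Review bot: The runner is now registered with `labels = [ "nixos-server:host" ]`, so workflow steps run directly on the host as the runner user, and with the sudo rule and its comment gone nothing in this file says that this runner is the deployment path. I would add a comment above the instance such as `# host runner: executes the activation workflow, which deploys over SSH`, and one on the final `restartIfChanged = false;` line, `# do not restart the runner while its own job switches the system`, if that is the intent. Presumably the SSH private key used for the deploy is readable by this runner user; if so, any workflow that can be scheduled onto this label can reach root, so the registration behind `tokenFile` should be scoped to the one repository that needs it. `lib` in the module arguments may now be unused, unless the part of the file between the two hunks still references it.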
|
||||
|
|
|
|||
|
|
@ -29,6 +29,8 @@ in {
|
|||
./base.nix
|
||||
];
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = homelab.ssh-keys;
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = "/mnt/data/tailscale/authkey";
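Review bot: `users.users.root.openssh.authorizedKeys.keys = homelab.ssh-keys;` gives every key in `homelab.ssh-keys` an unrestricted root shell, which is broader than the single-command NOPASSWD rule this commit removes. If the runner's deploy key is in that list, consider a separate entry that carries authorized_keys options, e.g. `''restrict,command="<activation command>" ssh-ed25519 <deploy-key-placeholder>''`, so a leaked runner key cannot be used for anything but activation. It is also worth pinning `services.openssh.settings.PermitRootLogin = "prohibit-password";` next to this line so root login can never fall back to a password; the sshd settings are not visible in this hunk. The enclosing attribute set starts before the hunk and continues after it.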
|
||||
|
|
|
|||