config: Enable authorization through ssh agent
This enables sudo-via-yubikey and therefore makes `-t` obsolete, in turn fixing a whole slew of issues with deploy-rs. *And* it seems more secure and convenient at the same time.
parent
0528f73187
commit
997707021b
|
@ -100,6 +100,15 @@
|
||||||
gatewayPorts = "yes";
|
gatewayPorts = "yes";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security = {
|
||||||
|
sudo.execWheelOnly = true;
|
||||||
|
|
||||||
|
pam = {
|
||||||
|
enableSSHAgentAuth = true;
|
||||||
|
services.sudo.sshAgentAuth = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
|
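Review bot: With `services.sudo.sshAgentAuth = true`, sudo is granted to any wheel member who can sign with a key listed in the authorized-keys files that pam_ssh_agent_auth reads, and the added `security.pam` block does not show which files those are. If the nixpkgs revision in use still consults user-writable paths such as `~/.ssh/authorized_keys`, anything running as the unprivileged account could add a key there and so obtain root. On nixpkgs versions that offer the option, I would pin the list to root-owned files with `security.pam.sshAgentAuth.authorizedKeysFiles = ["/etc/ssh/authorized_keys.d/%u"];`. At minimum, add a comment such as `# sudo trusts the keys declared in users.users.<name>.openssh.authorizedKeys.keys; do not rely on ~/.ssh/authorized_keys`. The enclosing attribute set starts outside the hunk.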
@ -53,10 +53,8 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
sshUser = "tlater";
|
sshUser = "tlater";
|
||||||
sshOpts = ["-t" "-p" "2222"];
|
sshOpts = ["-p" "2222" "-o" "ForwardAgent=yes"];
|
||||||
fastConnection = true;
|
fastConnection = true;
|
||||||
# Currently broken, see https://github.com/serokell/deploy-rs/issues/78
|
|
||||||
magicRollback = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
#########
|
#########
|
||||||
|
|
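Review bot: `"-o" "ForwardAgent=yes"` in `sshOpts` makes the local agent socket reachable on the target for the whole of every deploy session. Any process running as root or as `tlater` on that host can then request signatures from every key the agent holds, not only the one meant for sudo. The commit message implies a YubiKey-backed key, which would bound the exposure if each signature requires touch, but that is not visible in this hunk. I would record the assumption next to the option, e.g. `# Agent forwarding is required for pam_ssh_agent_auth sudo; load only touch-required keys in the agent used for deploys`. Consider using a dedicated agent for deploys so unrelated keys are never forwarded. The enclosing attribute set starts and ends outside the hunk.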