diff options
author | Florian Klink <flokli@flokli.de> | 2018-12-12 15:43:29 +0100 |
---|---|---|
committer | Florian Klink <flokli@flokli.de> | 2018-12-21 17:52:37 +0100 |
commit | 706efadcb69e77f98f4f4db3bc04ea9bebe59219 (patch) | |
tree | cf087e4be5b85f19783f93674c814488b89e9853 /nixos | |
parent | 0f46188ca10c2112e4af826233d203165ead17f4 (diff) | |
download | nixlib-706efadcb69e77f98f4f4db3bc04ea9bebe59219.tar nixlib-706efadcb69e77f98f4f4db3bc04ea9bebe59219.tar.gz nixlib-706efadcb69e77f98f4f4db3bc04ea9bebe59219.tar.bz2 nixlib-706efadcb69e77f98f4f4db3bc04ea9bebe59219.tar.lz nixlib-706efadcb69e77f98f4f4db3bc04ea9bebe59219.tar.xz nixlib-706efadcb69e77f98f4f4db3bc04ea9bebe59219.tar.zst nixlib-706efadcb69e77f98f4f4db3bc04ea9bebe59219.zip |
nixos/modules/virtualisation/google-compute-config.nix: remove google-accounts-daemon
Use googleOsLogin for login instead. This allows setting users.mutableUsers back to false, and to strip the security.sudo.extraConfig. security.sudo.enable is default anyhow, so we can remove that as well.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/virtualisation/google-compute-config.nix | 28 |
1 files changed, 1 insertions, 27 deletions
diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 1f8485b274fc..8c7331fe4d2b 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -65,33 +65,7 @@ in # GC has 1460 MTU networking.interfaces.eth0.mtu = 1460; - # allow the google-accounts-daemon to manage users - users.mutableUsers = true; - # and allow users to sudo without password - security.sudo.enable = true; - security.sudo.extraConfig = '' - %google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL - ''; - - # NOTE: google-accounts tries to write to /etc/sudoers.d but the folder doesn't exist - # FIXME: not such file or directory on dynamic SSH provisioning - systemd.services.google-accounts-daemon = { - description = "Google Compute Engine Accounts Daemon"; - # This daemon creates dynamic users - enable = config.users.mutableUsers; - after = [ - "network.target" - "google-instance-setup.service" - "google-network-setup.service" - ]; - requires = ["network.target"]; - wantedBy = ["multi-user.target"]; - path = with pkgs; [ shadow ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${gce}/bin/google_accounts_daemon --debug"; - }; - }; + security.googleOsLogin.enable = true; systemd.services.google-clock-skew-daemon = { description = "Google Compute Engine Clock Skew Daemon"; |