From 706efadcb69e77f98f4f4db3bc04ea9bebe59219 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Wed, 12 Dec 2018 15:43:29 +0100 Subject: nixos/modules/virtualisation/google-compute-config.nix: remove google-accounts-daemon Use googleOsLogin for login instead. This allows setting users.mutableUsers back to false, and to strip the security.sudo.extraConfig. security.sudo.enable is default anyhow, so we can remove that as well. --- .../virtualisation/google-compute-config.nix | 28 +--------------------- 1 file changed, 1 insertion(+), 27 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 1f8485b274fc..8c7331fe4d2b 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -65,33 +65,7 @@ in # GC has 1460 MTU networking.interfaces.eth0.mtu = 1460; - # allow the google-accounts-daemon to manage users - users.mutableUsers = true; - # and allow users to sudo without password - security.sudo.enable = true; - security.sudo.extraConfig = '' - %google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL - ''; - - # NOTE: google-accounts tries to write to /etc/sudoers.d but the folder doesn't exist - # FIXME: not such file or directory on dynamic SSH provisioning - systemd.services.google-accounts-daemon = { - description = "Google Compute Engine Accounts Daemon"; - # This daemon creates dynamic users - enable = config.users.mutableUsers; - after = [ - "network.target" - "google-instance-setup.service" - "google-network-setup.service" - ]; - requires = ["network.target"]; - wantedBy = ["multi-user.target"]; - path = with pkgs; [ shadow ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${gce}/bin/google_accounts_daemon --debug"; - }; - }; + security.googleOsLogin.enable = true; systemd.services.google-clock-skew-daemon = { description = "Google Compute Engine Clock Skew Daemon"; -- cgit 1.4.1