Enable SSH server on all hosts. Add wheel group to nix trusted users.

2025-07-11 12:35:33 +08:00 · 2025-07-11 12:35:33 +08:00 · 92cef09d87
commit 92cef09d87
parent e4d3620bf7
2 changed files with 21 additions and 13 deletions
--- a/suites/common.nix
+++ b/suites/common.nix
@ -16,6 +16,9 @@ with lib; {
    "flakes"
  ];

+  # Add @wheel to trusted-users for remote deployments.
+  nix.settings.trusted-users = ["root" "@wheel"];
+
  # Set $NIX_PATH to flake input.
  nix.nixPath = ["nixpkgs=${nixpkgs}"];

@ -60,6 +63,12 @@ with lib; {
      "wheel"
      "networkmanager"
    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzW4epTmK01kGVXcuAXUNJQPltnogf4uab9FA5m8S3n fern@pardalote"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC"
+    ];
  };

  # Use fish shell
@ -123,6 +132,9 @@ with lib; {
    '';
  };

+  # https://discourse.nixos.org/t/slow-build-at-building-man-cache/52365/2
+  documentation.man.generateCaches = false;
+
  # Install some packages.
  programs = {
    git.enable = true;
@ -285,9 +297,17 @@ with lib; {
    yazi
  ];

+  # Enable SSH server.
+  services.openssh.enable = true;
+
  # Enable avahi hostname resolution.
  services.avahi = {
    enable = true;
    nssmdns4 = true;
+    publish = {
+      enable = true;
+      addresses = true;
+      domain = true;
+    };
  };
 }
--- a/suites/server.nix
+++ b/suites/server.nix
@ -10,19 +10,7 @@ with lib; {
  # Enable all terminfo (for ghostty).
  environment.enableAllTerminfo = true;

-  # Enable SSH server.
-  services.openssh.enable = true;
-
-  users.users.${user} = {
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzW4epTmK01kGVXcuAXUNJQPltnogf4uab9FA5m8S3n fern@pardalote"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren"
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC"
-    ];
-    extraGroups = mkIf (user == "docker") ["docker"];
-  };
-
  # Enable docker.
  virtualisation.docker.enable = mkIf (user == "docker") true;
+  users.users.${user}.extraGroups = mkIf (user == "docker") ["docker"];
 }