diff options
author | Florian Klink <flokli@flokli.de> | 2018-12-12 15:43:29 +0100 |
---|---|---|
committer | Florian Klink <flokli@flokli.de> | 2018-12-21 17:52:37 +0100 |
commit | 706efadcb69e77f98f4f4db3bc04ea9bebe59219 (patch) | |
tree | cf087e4be5b85f19783f93674c814488b89e9853 /nixos | |
parent | 0f46188ca10c2112e4af826233d203165ead17f4 (diff) |
nixos/modules/virtualisation/google-compute-config.nix: remove google-accounts-daemon
Use googleOsLogin for login instead. This allows setting users.mutableUsers back to false, and to strip the security.sudo.extraConfig. security.sudo.enable is default anyhow, so we can remove that as well.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/virtualisation/google-compute-config.nix | 28 |
1 files changed, 1 insertions, 27 deletions
diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 1f8485b274fcf..8c7331fe4d2b1 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -65,33 +65,7 @@ in # GC has 1460 MTU networking.interfaces.eth0.mtu = 1460; - # allow the google-accounts-daemon to manage users - users.mutableUsers = true; - # and allow users to sudo without password - security.sudo.enable = true; - security.sudo.extraConfig = '' - %google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL - ''; - - # NOTE: google-accounts tries to write to /etc/sudoers.d but the folder doesn't exist - # FIXME: not such file or directory on dynamic SSH provisioning - systemd.services.google-accounts-daemon = { - description = "Google Compute Engine Accounts Daemon"; - # This daemon creates dynamic users - enable = config.users.mutableUsers; - after = [ - "network.target" - "google-instance-setup.service" - "google-network-setup.service" - ]; - requires = ["network.target"]; - wantedBy = ["multi-user.target"]; - path = with pkgs; [ shadow ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${gce}/bin/google_accounts_daemon --debug"; - }; - }; + security.googleOsLogin.enable = true; systemd.services.google-clock-skew-daemon = { description = "Google Compute Engine Clock Skew Daemon"; |