Don't put people in the wheel group, to avoid sudo -i, use ssh root@localhost instead.

This commit is contained in:
Ingolf Wagner 2024-06-07 20:03:08 +02:00
parent bd674ce4eb
commit b7b0535b74
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B

View file

@ -71,7 +71,7 @@ in
uid = cfg.uid; uid = cfg.uid;
home = "/home/${cfg.userName}"; home = "/home/${cfg.userName}";
initialPassword = cfg.userName; initialPassword = cfg.userName;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" ] extraGroups = [ "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" ]
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups; ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles; openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
group = config.users.groups.mainUser.name; group = config.users.groups.mainUser.name;