ed806bf5fb
The nix-daemon runs as root and cannot access the gitea-runner user's ~/.ssh directory. Solution: write the deploy key and SSH config to /etc/deploy/ and /etc/ssh/ssh_config.d/ which are readable by all users including the nix-daemon. - Deploy key is written to /etc/deploy/key (cleaned up after deploy) - SSH config in /etc/ssh/ssh_config.d/deploy.conf (cleaned up after) - Minimal NOPASSWD sudo rules for gitea-runner to manage these files - Reverts local deploy approach, back to deploy-rs over SSH |
||
|---|---|---|
| .. | ||
| comin | ||
| common | ||
| forgejo | ||
| forgejo-runner | ||
| headplane | ||
| headscale | ||
| mailserver | ||
| nginx | ||
| nixvim | ||
| normalUsers | ||
| openssh | ||
| sops | ||
| tailscale | ||
| default.nix | ||