recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nix: add root SSH authorized key to cc-ci-orchestrator-hetzner config

Browse Source 
nixos-rebuild removed the infect-provisioned authorized_keys — declare it
explicitly so rebuilds don't lock out root access.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
2026-05-31 02:35:37 +00:00
parent c44b967019
commit 497bea8462
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
nix/hosts/cc-ci-orchestrator-hetzner/configuration.nix
View File

@ -9,7 +9,15 @@
{
# hardware.nix is the nixos-infect generated hardware-configuration.nix (see README Stage 2a).
services.openssh = { enable = true; settings.PermitRootLogin = "yes"; };
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
# Root SSH access (the cc-ci-root-ed25519 key used by all loops tooling).
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcyTGb/wVgdhg5oBCZZvBaR1RuUQRY/3WHnOQpNDCsp claude-cc-ci-sandbox@20260526"
];
networking.useDHCP = true;
networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
networking.firewall = {