Merge branch 'master' of github.com:srid/nixos-config

containers/hercules.nix

@@ -1,38 +0,0 @@
-{ config, pkgs, lib, inputs, ... }:
-
-# A separate container to run Hercules effects
-# https://docs.hercules-ci.com/hercules-ci/effects/
-#
-# TODO: Prevent access to local network, while allowing internet access
-{
-  nix.binaryCachePublicKeys = [
-    "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
-  ];
-  nix.binaryCaches = [
-    "https://hercules-ci.cachix.org"
-  ];
-
-  # FIXME: User id of `hercules-ci-agent` won't match that of guest, so we do
-  # this. But it compromises security.  See
-  # https://github.com/hercules-ci/hercules-ci-agent/issues/345#issuecomment-986329977
-  # 
-  # TODO: Find a way to resolve this.
-  nix.allowedUsers = [ "*" ];
-  nix.trustedUsers = [ "*" ];
-
-  containers.hercules = {
-    ephemeral = false;
-    autoStart = true;
-    config = { config, pkgs, ... }: {
-      imports = [
-        inputs.hercules-ci-agent.nixosModules.agent-service
-      ];
-      services.hercules-ci-agent.enable = true;
-      services.hercules-ci-agent.settings.concurrentTasks = 4;
-      nix.allowedUsers = [ "*" ];
-      nix.trustedUsers = [ "*" ];
-
-      networking.firewall.allowedTCPPorts = [ ];
-    };
-  };
-}

hosts/hetzner/ax101.nix

@@ -119,17 +119,7 @@
     isNormalUser = true;
     extraGroups = [ "wheel" "networkmanager" ];
   };
-  security.sudo.extraRules = [
-    {
-      users = [ "srid" ];
-      commands = [
-        {
-          command = "ALL";
-          options = [ "NOPASSWD" ];
-        }
-      ];
-    }
-  ];
+  security.sudo.wheelNeedsPassword = false;
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

hosts/thick.nix

@@ -4,7 +4,6 @@
   imports =
     [
       (modulesPath + "/installer/scan/not-detected.nix")
-      (../containers/hercules.nix)
     ];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];