User Accounts/Passwords #77

Closed
opened 2025-01-24 23:37:10 +01:00 by kalipso · 2 comments
Owner

Currently all hosts/microvms use malobeo_user.nix. But this user was meant for the laptop originally, not for headless machines or vms.
One problem is that it sets the initialPassword to "test", and on microvms this most probably does not get changed. Also the user sets groups like pipewire etc. for audio, which is not needed on headless.

It would be good to create another user module for headless machines that either has no passwords set or sets a "secure" password that is stored as sops secret.

Collaborator

I like removing all users we don't need. And with local testing we get root access anyway. Are you already working on something or should I take this?

Author
Owner

no feel free to take it. we can start to assign ourselves to issues we work on to make that more clear. (edit: just saw u are already doing it on other issues)
i write just the thoughts i had before, but feel free to propose whatever you feel makes sense:

maybe it also makes sense to remove privileges from the malobeo user on laptops and have a separate user with sudo privileges to maintain the machine.
and for the microvms it can make sense to have at least some way to log into them. for example i ssh into vpn microvm from time to time for debugging.

ahtlon was assigned by kalipso 2025-01-25 01:05:30 +01:00
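
A sketch of the headless user module proposed in this thread, added here as an example and not taken from the repository: the weak `initialPassword` pattern is shown commented out next to a variant that takes the password hash from a sops secret and allows SSH login by key only. The user name `admin`, the secret name `admin-password-hash` and the public key are hypothetical placeholders, and the sketch assumes the sops-nix module is already imported with `sops.defaultSopsFile` set elsewhere.

```nix
# Added example: hypothetical headless user module.
# User name, secret name and SSH key are assumptions, not from the repository.
{ config, ... }:
{
  # Weak pattern described in the issue, kept commented out for contrast:
  # users.users.malobeo = {
  #   isNormalUser = true;
  #   initialPassword = "test";            # world-known, rarely changed on microvms
  #   extraGroups = [ "wheel" "pipewire" ]; # audio groups are useless on headless
  # };

  # Accounts and passwords come only from this declaration, so a password
  # set imperatively with passwd cannot drift from what is reviewed in git.
  users.mutableUsers = false;

  # The secret holds a password *hash* (e.g. produced with mkpasswd).
  # neededForUsers makes sops-nix decrypt it before accounts are created.
  sops.secrets."admin-password-hash".neededForUsers = true;

  users.users.admin = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # sudo for maintenance, no desktop groups
    hashedPasswordFile = config.sops.secrets."admin-password-hash".path;
    openssh.authorizedKeys.keys = [
      # Placeholder, replace with a real maintainer key.
      "ssh-ed25519 AAAA...placeholder admin@example"
    ];
  };

  # Keeps a way to log into microvms for debugging, but by key only.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };
}
```

With this layout the password is only used for sudo and console login, and rotating it means updating the sops-encrypted file and redeploying.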

Reference: kalipso/infrastructure#77