From f74fb866de4a018a749e3a592c184010c397790a Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Tue, 24 Jan 2023 22:44:39 +0100
Subject: Remove guixdeploy user again

It's probably better to just SSH in as root instead, seeing as the
guixdeploy user can otherwise do anything as root anyway.
---
 tw/system.scm | 17 -----------------
 1 file changed, 17 deletions(-)

(limited to 'tw/system.scm')

diff --git a/tw/system.scm b/tw/system.scm
index 8734885b..290b81c3 100644
--- a/tw/system.scm
+++ b/tw/system.scm
@@ -29,16 +29,6 @@
                     "keypad:oss"
                     "kpdl:kposs")))
 
-(define-public %sudoers-file
-  (plain-file "sudoers"
-              (string-append
-               (plain-file-content %sudoers-specification)
-               ;; Let the "guixdeploy" user do anything as root, without a
-               ;; password required.  "guix deploy" needs this, so that it can
-               ;; reconfigure the system without logging in as root.
-               ;; See: '(guix)Invoking guix deploy' info node.
-               "guixdeploy ALL = NOPASSWD: ALL\n")))
-
 ;; This is used for the servers, and also by (tw home) to generate the
 ;; appropriate ~/.ssh/config.
 (define-public %ssh-ports
@@ -100,13 +90,6 @@
           (home-directory "/home/timo")
           (supplementary-groups '("wheel" "netdev" "audio" "video"))
           (shell (file-append zsh "/bin/zsh")))
-         (user-account   ; needs a matching sudoers entry
-          (system? #t)
-          (name "guixdeploy")
-          (comment "Guix-deploy access")
-          (group "root")
-          (home-directory "/var/empty")
-          (create-home-directory? #f))
          %base-user-accounts))
 
 (define %wireguard-peers
-- 
cgit v1.2.3