From 2072da67a536c9194fae9d8a3881720347d3305b Mon Sep 17 00:00:00 2001
From: Ryan Yin
Date: Mon, 4 Mar 2024 18:28:49 +0800
Subject: [PATCH] fix(security): enable sudo password for ryan, use root for remote deployment
---
 modules/nixos/base/user-group.nix | 8 ++------
 systems/colmena.nix | 3 ++-
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/modules/nixos/base/user-group.nix b/modules/nixos/base/user-group.nix
index 59d6dbeb..128da9d3 100644
--- a/modules/nixos/base/user-group.nix
+++ b/modules/nixos/base/user-group.nix
@@ -36,14 +36,10 @@
 "libvirtd"
 ];
 };
+
+ # root's ssh key are mainly used for remote deployment
 users.users.root = {
 initialHashedPassword = config.users.users."${username}".initialHashedPassword;
 openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
 };
-
- # The wheel group is a special user group,
- # which can access to the `su` or `sudo` command to run commands as super user.
- #
- # Don't ask for password for wheel group
- security.sudo.wheelNeedsPassword = false;
 }
diff --git a/systems/colmena.nix b/systems/colmena.nix
index beab1bf0..b1ea9556 100644
--- a/systems/colmena.nix
+++ b/systems/colmena.nix
@@ -7,6 +7,7 @@ with allSystemAttrs; let
 inherit home-manager;
 inherit nixpkgs; # or nixpkgs-unstable
 specialArgs = allSystemSpecialArgs.x64_system;
+ targetUser = "root";
 };
 
 # riscv64 related
@@ -38,7 +39,7 @@ with allSystemAttrs; let
 inherit home-manager;
 inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable
 specialArgs = rk3588_specialArgs;
- targetUser = "ryan";
+ targetUser = "root";
 };
 in {
 # colmena - remote deployment via SSH
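Review bot: The new comment in user-group.nix says root's SSH keys exist for remote deployment, but the unchanged lines below it still copy `openssh.authorizedKeys.keys` and `initialHashedPassword` from `${username}`. The key that logs in as the unprivileged user therefore also logs in directly as root, so the sudo password this commit restores is no barrier to anyone holding that key. Consider a dedicated deployment key for root, for example `openssh.authorizedKeys.keys = [ "<deploy-only public key>" ];`, and avoid reusing the user's password hash for root. This hunk does not show whether sshd limits root to key-only login (`services.openssh.settings.PermitRootLogin = "prohibit-password";`), which is worth confirming now that deployment depends on root SSH.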
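Review bot: Both `targetUser = "root";` lines in systems/colmena.nix (this x64 hunk and the rk3588 hunk below) lack a comment explaining why deployment connects as root, and the reason is only in the commit subject. A short comment at each site would record it, for example `# deploy as root: wheel now needs a sudo password (see modules/nixos/base/user-group.nix)`. The `let` bindings start and end outside both hunks, so the riscv64 group under `# riscv64 related` is not visible. It is worth checking that it does not still name the unprivileged user.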