Custom ssh config, passwordless sudo

configuration.nix

@@ -187,9 +187,12 @@ in
     ];
   };
 
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
-  ];
+  # Passwordless sudo
+  security.sudo.wheelNeedsPassword = false;
+
+  # users.extraUsers.root.openssh.authorizedKeys.keys = [
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
+  # ];
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget

deploy.sh

@@ -1,8 +1,19 @@
 #!/usr/bin/env bash
 
-for NIXHOST in $(cat inventory); do
+cd $(dirname $0)
+
+for NIXHOST in $(ls node); do
+	NIXHOST=${NIXHOST%.*}
+
+	if [ -z "$SSH_USER" ]; then
+		SSH_DEST=$NIXHOST
+	else
+		SSH_DEST=$SSH_USER@$NIXHOST
+	fi
+
 	echo "==== DOING $NIXHOST ===="
-	cat configuration.nix | ssh root@$NIXHOST tee /etc/nixos/configuration.nix > /dev/null
-	cat node/$NIXHOST.nix | ssh root@$NIXHOST tee /etc/nixos/node.nix > /dev/null
-	ssh root@$NIXHOST nixos-rebuild switch
+
+	cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null
+	cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null
+	ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch
 done

inventory

@@ -1,3 +0,0 @@
-caribou
-carcajou
-cariacou

ssh_config

@@ -0,0 +1,10 @@
+UserKnownHostsFile ./ssh_known_hosts
+
+Host caribou
+	HostName 10.42.0.23
+
+Host carcajou
+	HostName 10.42.0.22
+
+Host cariacou
+	HostName 10.42.0.21

ssh_known_hosts

@@ -0,0 +1,3 @@
+10.42.0.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXyY9yZdq/VYpg3K1plBzFvim41tWlu+Dmov3BNSm39
+10.42.0.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds
+10.42.0.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNRilSqrgqdZlLdhN2eOY5ZMbzqpeqAdIf6QuChhXU+