From 81ff91f425dfd4614187be8efa08da9925b8cbb8 Mon Sep 17 00:00:00 2001
From: Bailey Stevens <me@mtxyz.me>
Date: Wed, 16 Aug 2023 12:44:20 -0400
Subject: [PATCH] Deploys as non-root user

---
 citrus.nix | 5 +++++
 flake.nix  | 1 +
 2 files changed, 6 insertions(+)

diff --git a/citrus.nix b/citrus.nix
index dcbba0a..c9ba38a 100644
--- a/citrus.nix
+++ b/citrus.nix
@@ -26,6 +26,11 @@
     };
   };
 
+  security.sudo.wheelNeedsPassword = false; # Needed for colmena.
+  nix.settings.trusted-users = [ "root" "@wheel" ];
+
+  documentation.man.enable = false; # Takes way too long to build.
+
   # Allow SSH with authorized keys only!
   services.openssh = {
     enable = true;
diff --git a/flake.nix b/flake.nix
index 778e0ac..5814747 100644
--- a/flake.nix
+++ b/flake.nix
@@ -52,6 +52,7 @@
         colmena = {
           meta.nixpkgs = pkgs;
           orange = {
+            deployment.targetUser = "geekygay";
             imports = modules;
           };
         };