Deploy without sudo password

2023-06-26 14:05:47 +02:00 · 2023-06-26 14:05:47 +02:00 · 695a0043e2
parent 35b9bd3fde
commit 695a0043e2
1 changed files with 25 additions and 11 deletions
--- a/modules/misc/common/default.nix
+++ b/modules/misc/common/default.nix
@ -113,17 +113,31 @@
  };

  security.sudo = {
-    extraRules = [
-      {
-        users = [ "%wheel" ];
-        commands = [
-          {
-            command = "ALL";
-            options = [ "SETENV" "NOPASSWD" ];
-          }
-        ];
-      }
-    ];
+    extraRules =
+      let
+        storePrefix = "/nix/store/*";
+        systemName = "nixos-system-${config.networking.hostName}-*";
+      in
+      [
+        {
+          commands = [
+            {
+              command = "${storePrefix}-nix-*/bin/nix-env -p /nix/var/nix/profiles/system --set ${storePrefix}-${systemName}";
+              options = [ "NOPASSWD" ];
+            }
+          ];
+          groups = [ "wheel" ];
+        }
+        {
+          commands = [
+            {
+              command = "${storePrefix}-${systemName}/bin/switch-to-configuration";
+              options = [ "NOPASSWD" ];
+            }
+          ];
+          groups = [ "wheel" ];
+        }
+      ];
  };