Nebucatnetzer/nixos
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Deploy without sudo password

Browse Source
This commit is contained in:
Andreas Zweili 2023-06-26 14:05:47 +02:00
parent 35b9bd3fde
commit 695a0043e2
1 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
modules/misc/common/default.nix
View File

@ -113,15 +113,29 @@
}; };
security.sudo = { security.sudo = {
extraRules = [ extraRules =
let
storePrefix = "/nix/store/*";
systemName = "nixos-system-${config.networking.hostName}-*";
in
[
{ {
users = [ "%wheel" ];
commands = [ commands = [
{ {
command = "ALL"; command = "${storePrefix}-nix-*/bin/nix-env -p /nix/var/nix/profiles/system --set ${storePrefix}-${systemName}";
options = [ "SETENV" "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
]; ];
groups = [ "wheel" ];
}
{
commands = [
{
command = "${storePrefix}-${systemName}/bin/switch-to-configuration";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
} }
]; ];
}; };