Deploy without sudo password

2023-06-26 14:05:47 +02:00 · 2023-06-26 14:05:47 +02:00 · 695a0043e2
commit 695a0043e2
parent 35b9bd3fde
1 changed files with 25 additions and 11 deletions
--- a/modules/misc/common/default.nix
+++ b/modules/misc/common/default.nix
@ -113,17 +113,31 @@
  };
  security.sudo = {
-    extraRules = [
+    extraRules =
-      {
+      let
-        users = [ "%wheel" ];
+        storePrefix = "/nix/store/*";
-        commands = [
+        systemName = "nixos-system-${config.networking.hostName}-*";
-          {
+      in
-            command = "ALL";
+      [
-            options = [ "SETENV" "NOPASSWD" ];
+        {
-          }
+          commands = [
-        ];
+            {
-      }
+              command = "${storePrefix}-nix-*/bin/nix-env -p /nix/var/nix/profiles/system --set ${storePrefix}-${systemName}";
-    ];
+              options = [ "NOPASSWD" ];
            }
          ];
          groups = [ "wheel" ];
        }
        {
          commands = [
            {
              command = "${storePrefix}-${systemName}/bin/switch-to-configuration";
              options = [ "NOPASSWD" ];
            }
          ];
          groups = [ "wheel" ];
        }
      ];
  };