fix: passwordless sudo only for yule
This commit is contained in:
parent
9995e15760
commit
615ef9a856
|
@ -29,17 +29,6 @@ in {
|
|||
|
||||
# Limit the use of sudo to the group wheel
|
||||
security.sudo.execWheelOnly = true;
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
users = ["${psCfg.user.name}"];
|
||||
commands = [
|
||||
{
|
||||
command = "ALL";
|
||||
options = ["NOPASSWD"];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
# Remove the complete default environment of packages like
|
||||
# nano, perl and rsync
|
||||
|
|
|
@ -28,6 +28,11 @@ with lib; {
|
|||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
};
|
||||
passwordlessSudo = mkOption {
|
||||
description = "Whether this user can use sudo without entering a password";
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
publicKeys = mkOption {
|
||||
description = "User SSH public keys";
|
||||
type = types.listOf types.str;
|
||||
|
@ -81,5 +86,17 @@ with lib; {
|
|||
else [];
|
||||
};
|
||||
};
|
||||
|
||||
security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [
|
||||
{
|
||||
users = ["${psCfg.user.name}"];
|
||||
commands = [
|
||||
{
|
||||
command = "ALL";
|
||||
options = ["NOPASSWD"];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,6 +15,7 @@ in {
|
|||
name = "yule";
|
||||
description = "b12f";
|
||||
password = "$y$j9T$x1nyqcXw/1iYKo3054cdB1$0TOuyE5t5ZV6z9Gzl9zIrmZGADBxupnwcUMTcMtMa73";
|
||||
passwordlessSudo = true;
|
||||
fullName = "Benjamin Bädorf";
|
||||
email = "hello@benjaminbaedorf.eu";
|
||||
gpgKeyId = "4406E80E13CD656C";
|
||||
|
|
Loading…
Reference in a new issue