fix: passwordless sudo only for yule

This commit is contained in:
Benjamin Bädorf 2023-10-26 14:09:11 +02:00
parent 9995e15760
commit 615ef9a856
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
3 changed files with 18 additions and 11 deletions

View file

@ -29,17 +29,6 @@ in {
# Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true;
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
# Remove the complete default environment of packages like
# nano, perl and rsync

View file

@ -28,6 +28,11 @@ with lib; {
type = types.nullOr types.str;
default = null;
};
passwordlessSudo = mkOption {
description = "Whether this user can use sudo without entering a password";
type = types.bool;
default = false;
};
publicKeys = mkOption {
description = "User SSH public keys";
type = types.listOf types.str;
@ -81,5 +86,17 @@ with lib; {
else [];
};
};
security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
};
}

View file

@ -15,6 +15,7 @@ in {
name = "yule";
description = "b12f";
password = "$y$j9T$x1nyqcXw/1iYKo3054cdB1$0TOuyE5t5ZV6z9Gzl9zIrmZGADBxupnwcUMTcMtMa73";
passwordlessSudo = true;
fullName = "Benjamin Bädorf";
email = "hello@benjaminbaedorf.eu";
gpgKeyId = "4406E80E13CD656C";