Fork: 0
Skyworks / skyworks-Nix-infra
Transfer to URL with SHA Find file
Newer
Older
skyworks-Nix-infra / modules / users.nix
@Dixiao-L Dixiao-L on 9 Mar 683 bytes users: grant ldx full NOPASSWD sudo for deploy-rs
Raw Blame History 
{ ... }:

{
  users.users.ldx = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMNHFTC5HMO3IsggHpA+eVSCyhZSmDZz7aV62IFt7sj"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFw6Bsat10YClOV0dQWXRUZlaAork5I1QVNBwkZebOM ldx@skydick"
    ];
  };

  security.sudo.wheelNeedsPassword = true;

  # deploy-rs needs full NOPASSWD sudo — it runs activate-rs, nix-env,
  # switch-to-configuration, and confirmation commands via non-interactive SSH
  security.sudo.extraRules = [
    {
      users = [ "ldx" ];
      commands = [
        { command = "ALL"; options = [ "NOPASSWD" ]; }
      ];
    }
  ];
}