feat(whitby): Allow wheel users to sudo without a password r/1174

This *should* translate to the required invocation to make sudo allow nopasswd for users in the wheel group. Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/857 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
author: Griffin Smith <grfn@gws.fyi> 2020-07-02T21·53-0400
committer: glittershark <grfn@gws.fyi> 2020-07-02T22·00+0000
commit: 0d4f709757c2cf3f8082271f11efc53919ff44c9 (patch)
tree: 602520f373f7aef9d0e4400269e0a6da245fabfc
parent: 6fd3371e94fa529e39a9c047f2eef81f3b4ec43c (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index e79ca8bb33..ef45b91a3b 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
@@ -156,6 +156,13 @@ in systemForConfig {
     zfstools
   ];
 
+  security.sudo.extraRules = [
+    {
+      groups = ["wheel"];
+      commands = [{ command = "ALL"; options = ["NOPASSWD"]; }];
+    }
+  ];
+
   users = {
     users.root.openssh.authorizedKeys.keys = [
       depot.users.tazjin.keys.frog
author	Griffin Smith <grfn@gws.fyi>	2020-07-02T21·53-0400
committer	glittershark <grfn@gws.fyi>	2020-07-02T22·00+0000
commit	0d4f709757c2cf3f8082271f11efc53919ff44c9 (patch)
tree	602520f373f7aef9d0e4400269e0a6da245fabfc
parent	6fd3371e94fa529e39a9c047f2eef81f3b4ec43c (diff)