feat(ops/nixos/camden): Enable SSH agent auth r/695

author: Vincent Ambo <tazjin@google.com> 2020-04-26T17·34+0100
committer: Vincent Ambo <tazjin@google.com> 2020-04-26T17·34+0100
commit: 7ef00d0f2748e75fa947b552fb6a717ca505ed1e (patch)
tree: 604a5ea98c228d3cb0b7687b0f9e5de3609ab9bb /ops
parent: 15323a6ee4df8f3b4be88e3258538607b1f556bd (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 4fe7b43764..9d82eb9de4 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -145,6 +145,9 @@ in lib.fix(self: {
   # Join Tailscale into home network
   services.tailscale.enable = true;
 
+  # Allow sudo-ing via the forwarded SSH agent.
+  security.pam.enableSSHAgentAuth = true;
+
   # Run cgit for the depot. The onion here is nginx(thttpd(cgit)).
   systemd.services.cgit = {
     wantedBy = [ "multi-user.target" ];
author	Vincent Ambo <tazjin@google.com>	2020-04-26T17·34+0100
committer	Vincent Ambo <tazjin@google.com>	2020-04-26T17·34+0100
commit	7ef00d0f2748e75fa947b552fb6a717ca505ed1e (patch)
tree	604a5ea98c228d3cb0b7687b0f9e5de3609ab9bb /ops
parent	15323a6ee4df8f3b4be88e3258538607b1f556bd (diff)