From 0d4f709757c2cf3f8082271f11efc53919ff44c9 Mon Sep 17 00:00:00 2001
From: Griffin Smith <grfn@gws.fyi>
Date: Thu, 2 Jul 2020 17:53:59 -0400
Subject: feat(whitby): Allow wheel users to sudo without a password

This *should* translate to the required invocation to make sudo allow
nopasswd for users in the wheel group.

Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/857
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
---
 ops/nixos/whitby/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index e79ca8bb332f..ef45b91a3b39 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
@@ -156,6 +156,13 @@ in systemForConfig {
     zfstools
   ];
 
+  security.sudo.extraRules = [
+    {
+      groups = ["wheel"];
+      commands = [{ command = "ALL"; options = ["NOPASSWD"]; }];
+    }
+  ];
+
   users = {
     users.root.openssh.authorizedKeys.keys = [
       depot.users.tazjin.keys.frog
-- 
cgit 1.4.1