diff options
author | Timo Wilken | 2023-01-22 22:39:46 +0100 |
---|---|---|
committer | Timo Wilken | 2023-01-22 22:58:58 +0100 |
commit | 4d6cf9e02cdcdd51dc29a118e9af0977217c252a (patch) | |
tree | f9480bae39f003681648c02973b419b46500ffb3 /tw | |
parent | 6c4a28f1e1b9c3caac9f5f171b6f5909b909872d (diff) |
Allow guixdeploy user to do anything as root
This is required to use "guix deploy".
Diffstat (limited to 'tw')
-rw-r--r-- | tw/system/common.scm | 10 | ||||
-rw-r--r-- | tw/system/lud.scm | 1 | ||||
-rw-r--r-- | tw/system/vin.scm | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/tw/system/common.scm b/tw/system/common.scm index 57be678b..1eb48c52 100644 --- a/tw/system/common.scm +++ b/tw/system/common.scm @@ -29,6 +29,16 @@ "keypad:oss" "kpdl:kposs"))) +(define-public %sudoers-file + (plain-file "sudoers" + (string-append + (plain-file-content %sudoers-specification) + ;; Let the "guixdeploy" user do anything as root, without a + ;; password required. "guix deploy" needs this, so that it can + ;; reconfigure the system without logging in as root. + ;; See: '(guix)Invoking guix deploy' info node. + "guixdeploy ALL = NOPASSWD: ALL\n"))) + ;; This is used for the servers, and also by (tw home common) to generate the ;; appropriate ~/.ssh/config. (define-public %ssh-ports diff --git a/tw/system/lud.scm b/tw/system/lud.scm index 5e0ffda0..54e0ea4f 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -204,6 +204,7 @@ ProxyPass \"/\" \"https://127.0.0.1:48448/\" (locale-definition (name "pt_BR.utf8") (source "pt_BR")) (locale-definition (name "en_US.utf8") (source "en_US")))) + (sudoers-file %sudoers-file) (hosts-file %wireguard-etc-hosts) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss) diff --git a/tw/system/vin.scm b/tw/system/vin.scm index ddecc127..b6275b5a 100644 --- a/tw/system/vin.scm +++ b/tw/system/vin.scm @@ -27,6 +27,7 @@ (locale-definition (name "fr_FR.utf8") (source "fr_FR")) (locale-definition (name "en_US.utf8") (source "en_US")))) + (sudoers-file %sudoers-file) (hosts-file %wireguard-etc-hosts) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss) |