From 4d6cf9e02cdcdd51dc29a118e9af0977217c252a Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Sun, 22 Jan 2023 22:39:46 +0100 Subject: Allow guixdeploy user to do anything as root This is required to use "guix deploy". --- tw/system/common.scm | 10 ++++++++++ tw/system/lud.scm | 1 + tw/system/vin.scm | 1 + 3 files changed, 12 insertions(+) (limited to 'tw/system') diff --git a/tw/system/common.scm b/tw/system/common.scm index 57be678b..1eb48c52 100644 --- a/tw/system/common.scm +++ b/tw/system/common.scm @@ -29,6 +29,16 @@ "keypad:oss" "kpdl:kposs"))) +(define-public %sudoers-file + (plain-file "sudoers" + (string-append + (plain-file-content %sudoers-specification) + ;; Let the "guixdeploy" user do anything as root, without a + ;; password required. "guix deploy" needs this, so that it can + ;; reconfigure the system without logging in as root. + ;; See: '(guix)Invoking guix deploy' info node. + "guixdeploy ALL = NOPASSWD: ALL\n"))) + ;; This is used for the servers, and also by (tw home common) to generate the ;; appropriate ~/.ssh/config. (define-public %ssh-ports diff --git a/tw/system/lud.scm b/tw/system/lud.scm index 5e0ffda0..54e0ea4f 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -204,6 +204,7 @@ ProxyPass \"/\" \"https://127.0.0.1:48448/\" (locale-definition (name "pt_BR.utf8") (source "pt_BR")) (locale-definition (name "en_US.utf8") (source "en_US")))) + (sudoers-file %sudoers-file) (hosts-file %wireguard-etc-hosts) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss) diff --git a/tw/system/vin.scm b/tw/system/vin.scm index ddecc127..b6275b5a 100644 --- a/tw/system/vin.scm +++ b/tw/system/vin.scm 
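Review bot: The appended rule `guixdeploy ALL = NOPASSWD: ALL` in `%sudoers-file` makes the guixdeploy account root-equivalent on every host that uses this file (the lud.scm and vin.scm hunks both opt in), and the comment explains why the rule is needed but not what it implies. I would add a line such as `;; NOTE: this makes "guixdeploy" root-equivalent; guard its SSH key like root's.` above the rule. The account definition and its SSH settings are outside this diff, so it is worth confirming that guixdeploy has no usable password, accepts key-based login only, and that its authorized key belongs solely to the deploying machine. Narrowing the sudo command list would probably not reduce the privilege much, since the deploy has to reconfigure the whole system.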
@@ -27,6 +27,7 @@ (locale-definition (name "fr_FR.utf8") (source "fr_FR")) (locale-definition (name "en_US.utf8") (source "en_US")))) + (sudoers-file %sudoers-file) (hosts-file %wireguard-etc-hosts) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss) -- cgit v1.2.3