mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-20 20:20:26 +03:00
nixos/ssm-agent: Handle sudo-rs too
parent
a8e6f0a81a
commit
690f027251
@ -15,6 +15,11 @@ let
|
|||||||
-r) echo "${config.system.nixos.version}";;
|
-r) echo "${config.system.nixos.version}";;
|
||||||
esac
|
esac
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
sudoRule = {
|
||||||
|
users = [ "ssm-user" ];
|
||||||
|
commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
(mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ])
|
(mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ])
|
||||||
@ -51,17 +56,9 @@ in {
|
|||||||
|
|
||||||
# Add user that Session Manager needs, and give it sudo.
|
# Add user that Session Manager needs, and give it sudo.
|
||||||
# This is consistent with Amazon Linux 2 images.
|
# This is consistent with Amazon Linux 2 images.
|
||||||
security.sudo.extraRules = [
|
security.sudo.extraRules = [ sudoRule ];
|
||||||
{
|
security.sudo-rs.extraRules = [ sudoRule ];
|
||||||
users = [ "ssm-user" ];
|
|
||||||
commands = [
|
|
||||||
{
|
|
||||||
command = "ALL";
|
|
||||||
options = [ "NOPASSWD" ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
# On Amazon Linux 2 images, the ssm-user user is pretty much a
|
# On Amazon Linux 2 images, the ssm-user user is pretty much a
|
||||||
# normal user with its own group. We do the same.
|
# normal user with its own group. We do the same.
|
||||||
users.groups.ssm-user = {};
|
users.groups.ssm-user = {};
|
||||||
|
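Review bot: The `sudoRule` binding added to the `let` block gives `ssm-user` `command = "ALL"` with `NOPASSWD`, and it is now applied to both `security.sudo.extraRules` and `security.sudo-rs.extraRules`, yet nothing at the definition says what that grant implies. Because no password is asked for, anyone permitted to open a Session Manager session to the host can become root, so the IAM policy that controls starting sessions is the only access boundary. A comment on the binding such as `# Passwordless root for ssm-user: session access to this host is equivalent to root.` would make that explicit. In the visible lines the rule is unconditional, so an operator who wants an unprivileged session user has nothing to switch off; a module option guarding the two `extraRules` lines, defaulting to today's behaviour, would cover that. The `let` block and the attribute set after `in {` both start and end outside the hunks shown.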