nixos/ssm-agent: Handle sudo-rs too

This commit is contained in:
nicoo 2023-10-22 19:55:05 +00:00
parent a8e6f0a81a
commit 690f027251


@ -15,6 +15,11 @@ let
-r) echo "${config.system.nixos.version}";; -r) echo "${config.system.nixos.version}";;
esac esac
''; '';
sudoRule = {
users = [ "ssm-user" ];
commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
};
in { in {
imports = [ imports = [
(mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ]) (mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ])
@ -51,17 +56,9 @@ in {
# Add user that Session Manager needs, and give it sudo. # Add user that Session Manager needs, and give it sudo.
# This is consistent with Amazon Linux 2 images. # This is consistent with Amazon Linux 2 images.
security.sudo.extraRules = [ security.sudo.extraRules = [ sudoRule ];
{ security.sudo-rs.extraRules = [ sudoRule ];
users = [ "ssm-user" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
# On Amazon Linux 2 images, the ssm-user user is pretty much a # On Amazon Linux 2 images, the ssm-user user is pretty much a
# normal user with its own group. We do the same. # normal user with its own group. We do the same.
users.groups.ssm-user = {}; users.groups.ssm-user = {};
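Review bot: The new `sudoRule` binding in the `let` block has no comment, although it is now the single definition that grants `ssm-user` passwordless `ALL` under both `security.sudo.extraRules` and `security.sudo-rs.extraRules`. I would document it where it is defined, for example `# Passwordless root for ssm-user (matches Amazon Linux 2); shared by security.sudo and security.sudo-rs so the two rules cannot drift.` The existing "give it sudo" comment at the use site understates the grant: with `command = "ALL"` and `NOPASSWD`, any session that lands as `ssm-user` is effectively root. Access control then presumably rests entirely on who is allowed to start SSM sessions, which is worth saying in the comment or the module documentation. The `let` block and the config attribute set both start and end outside the visible hunks, so I cannot tell whether the rule is gated by anything other than the service's enable option.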