feat: allow passwordless sudo arbitrary command for group nasp

2025-03-05 18:52:04 +08:00 · 2025-03-05 18:52:04 +08:00 · cfdab71852
commit cfdab71852
parent bdaba5f027
1 changed files with 2 additions and 8 deletions
--- a/hosts/modules/nasp.nix
+++ b/hosts/modules/nasp.nix
@ -120,7 +120,7 @@ in
      users.users.root.openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUN7IXF4nlFcVfgHesgik3LIAiXlVMYJPm3yD13EVarQx5jqdBgk8Dwgkgf4rPO6MFpvIpinOyEO8zOS6HHQrCLZUv5yTFaDkUuB7eQ0EmpicGbmk9bHqj1HkOZxaobkpEfQUmFKYvkp4EexVw66sO0qfXvjHZ4H6yCAJLK5aUnKfgrE8tODzP82sU/mpJjW+Pq3uanNq754gaHwhxCIXG143/zp8qzBAeKe38xVqqDq9fTkG4hvzFvkRdS88i6l1z++0P3n0HGdOjtSg7P7fO7+7ZyPYr0gO5vB720Om/zxqPrGd9cicWi4P+aVKa+0ujWH/pqufWG6uCjKWHnBs7 sk0/piv/9a"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLYgVj+NPino6sOmahULN7SbAMaVAgzqPfDjz2S8zDv pc1/windows"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhS4voo3K/Dvzqckr0bouO1WkCI5XxswstHWnuuyKBz ltp1-bd"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyZILj+GxTUhdCgz2w1TxQ+aTcggnOJIb84qA4u271S asz258-17ac-bm-v0"
      ];
      users.users.root.shell = pkgs.zsh;
      system.activationScripts.dotfilesSetup.text = ''
@ -242,13 +242,7 @@ in
        path = with pkgs; [ git bash su shadow getent ];
      };
      security.sudo.extraConfig = ''
-        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
-        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/whoami
-        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/nvidia-smi
-        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/shutdown
-        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/poweroff
-        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/reboot
-        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
+        %nasp ALL = (root) NOPASSWD: ALL
      '';
    })
    # sops-nix