nixos/google-compute-config: Add sudo-rs rules

2023-10-22 19:29:19 +00:00 · 2023-10-22 19:29:19 +00:00 · 326904b128
commit 326904b128
parent a8e6f0a81a
1 changed files with 4 additions and 0 deletions
--- a/nixos/modules/virtualisation/google-compute-config.nix
+++ b/nixos/modules/virtualisation/google-compute-config.nix
@ -84,6 +84,10 @@ in
    { groups = [ "google-sudoers" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
  ];

+  security.sudo-rs.extraRules = mkIf config.users.mutableUsers [
+    { groups = [ "google-sudoers" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
+  ];
+
  users.groups.google-sudoers = mkIf config.users.mutableUsers { };

  boot.extraModprobeConfig = readFile "${pkgs.google-guest-configs}/etc/modprobe.d/gce-blacklist.conf";