feat: don't ask for password for wheel group

2026-02-23 16:34:48 +01:00 · 2024-01-23 12:13:58 +08:00
parent 360c218344
commit e4eb232d8f
1 changed files with 5 additions and 16 deletions
--- a/modules/nixos/base/user-group.nix
+++ b/modules/nixos/base/user-group.nix
@@ -41,20 +41,9 @@
    openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
  };

-  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
-  security.sudo.extraRules = [
-    {
-      users = [username];
-      commands = [
-        {
-          command = "/run/current-system/sw/bin/nix-store";
-          options = ["NOPASSWD"];
-        }
-        {
-          command = "/run/current-system/sw/bin/nix-copy-closure";
-          options = ["NOPASSWD"];
-        }
-      ];
-    }
-  ];
+  # The wheel group is a special user group,
+  # which can access to the `su` or `sudo` command to run commands as super user.
+  #
+  # Don't ask for password for wheel group
+  security.sudo.wheelNeedsPassword = false;
 }