diff options
| author | Maciej Krüger <mkg20001@gmail.com> | 2023-11-11 18:09:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-11 18:09:20 +0100 |
| commit | c647a12d7fb398bcf0eea6f8499a825139b3ebaa (patch) | |
| tree | dbdb8bb6c4702f0b935b01ed5216d5363a045656 | |
| parent | 580fc8a960816d4f3feab9492aadbad617f0a1fb (diff) | |
| parent | 326904b12883d033755940f02248b36053abbcf2 (diff) | |
Merge pull request #265725 from nbraud/nixos/sudo-rs/gce
| -rw-r--r-- | nixos/modules/virtualisation/google-compute-config.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 3c503f027d798..887af26949feb 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -84,6 +84,10 @@ in { groups = [ "google-sudoers" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } ]; + security.sudo-rs.extraRules = mkIf config.users.mutableUsers [ + { groups = [ "google-sudoers" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } + ]; + users.groups.google-sudoers = mkIf config.users.mutableUsers { }; boot.extraModprobeConfig = readFile "${pkgs.google-guest-configs}/etc/modprobe.d/gce-blacklist.conf"; |