author | nicoo <nicoo@mur.at> | 2023-10-22 19:55:05 +0000 |
---|---|---|
committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2023-11-26 20:37:43 +0000 |
commit | f0dd0185a40aeca98f08273e394e84e7f28e9728 (patch) | |
tree | 9fa225b1c6db28300af64a9f4b75599d95a14187 /nixos/modules | |
parent | 1f33d804920ef5d8ce0880435f7f37d91b29de0b (diff) |
nixos/ssm-agent: Handle sudo-rs too
(cherry picked from commit 690f027251164629d30531e6fd660a9ef15f9ea1)
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/misc/amazon-ssm-agent.nix | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/nixos/modules/services/misc/amazon-ssm-agent.nix b/nixos/modules/services/misc/amazon-ssm-agent.nix
index 02e44c73d87a6..20b836abe164f 100644
--- a/nixos/modules/services/misc/amazon-ssm-agent.nix
+++ b/nixos/modules/services/misc/amazon-ssm-agent.nix
@@ -15,6 +15,11 @@ let
 -r) echo "${config.system.nixos.version}";;
 esac
 '';
+
+ sudoRule = {
+ users = [ "ssm-user" ];
+ commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
+ };
 in {
 imports = [
 (mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ])
@@ -54,17 +59,9 @@ in {
 
 # Add user that Session Manager needs, and give it sudo.
 # This is consistent with Amazon Linux 2 images.
- security.sudo.extraRules = [
- {
- users = [ "ssm-user" ];
- commands = [
- {
- command = "ALL";
- options = [ "NOPASSWD" ];
- }
- ];
- }
- ];
+ security.sudo.extraRules = [ sudoRule ];
+ security.sudo-rs.extraRules = [ sudoRule ];
+
 # On Amazon Linux 2 images, the ssm-user user is pretty much a
 # normal user with its own group. We do the same.
 users.groups.ssm-user = {}; |
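Review bot: `sudoRule` in the first hunk is introduced without a comment, although it is the most security-sensitive value in the module: it lets `ssm-user` run any command through sudo without a password. I would put a comment directly above it, for example `# Passwordless, unrestricted sudo for ssm-user; shared by sudo and sudo-rs so the two cannot drift.` Because the rule makes a Session Manager session equivalent to root on the host, the comment should also say that access then rests on who is permitted to start sessions on the instance. The `let` block begins outside the hunk.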
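Review bot: The added `security.sudo-rs.extraRules = [ sudoRule ];` line in the second hunk changes what existing hosts get: a machine that runs sudo-rs together with this service received no `ssm-user` rule from this module before and gains passwordless sudo for it after the update, and the commit is a cherry-pick onto another branch. The comment above the two assignments still reads `give it sudo`; I would change it to `# Add user that Session Manager needs, and give it passwordless sudo under both sudo and sudo-rs.` and record the change in the release notes. The rule is set whenever the service is enabled, with no option visible in this hunk to narrow or drop it, so operators who want a restricted `ssm-user` presumably have to override `extraRules` themselves. The enclosing `config` block starts and ends outside the hunk.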