author | Maciej Krüger <mkg20001@gmail.com> | 2023-11-26 21:38:24 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-26 21:38:24 +0100 |
commit | 52ebd318531d8806a338bc420752f90e11e9a1fa (patch) | |
tree | b52db235ecf6bbdc9cec26760e59ca9aa3f66cbf /nixos | |
parent | 6a6d814ea7b3f5932f1194377a03afbb614470f4 (diff) | |
parent | f0dd0185a40aeca98f08273e394e84e7f28e9728 (diff) |
Merge pull request #270255 from NixOS/backport-265728-to-release-23.11
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/misc/amazon-ssm-agent.nix | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/nixos/modules/services/misc/amazon-ssm-agent.nix b/nixos/modules/services/misc/amazon-ssm-agent.nix
index 02e44c73d87a6..20b836abe164f 100644
--- a/nixos/modules/services/misc/amazon-ssm-agent.nix
+++ b/nixos/modules/services/misc/amazon-ssm-agent.nix
@@ -15,6 +15,11 @@ let
 -r) echo "${config.system.nixos.version}";;
 esac
 '';
+
+ sudoRule = {
+ users = [ "ssm-user" ];
+ commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
+ };
 in {
 imports = [
 (mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ])
@@ -54,17 +59,9 @@ in {
 # Add user that Session Manager needs, and give it sudo.
 # This is consistent with Amazon Linux 2 images.
- security.sudo.extraRules = [
- {
- users = [ "ssm-user" ];
- commands = [
- {
- command = "ALL";
- options = [ "NOPASSWD" ];
- }
- ];
- }
- ];
+ security.sudo.extraRules = [ sudoRule ];
+ security.sudo-rs.extraRules = [ sudoRule ];
+
 # On Amazon Linux 2 images, the ssm-user user is pretty much a
 # normal user with its own group. We do the same.
 users.groups.ssm-user = {}; |
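Review bot: The new `sudoRule` binding in the `let` block has no comment, and the explanation of why ssm-user gets sudo sits further down at the use site, so a reader of the binding alone cannot tell that it grants unrestricted passwordless root. A one-line comment above it would help, for example `# Passwordless sudo for ssm-user on ALL commands; shared by security.sudo and security.sudo-rs.`. The `let` block starts outside this hunk.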
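Review bot: Both `security.sudo.extraRules` and `security.sudo-rs.extraRules` now receive the `ALL`/`NOPASSWD` rule, and nothing in this hunk lets an operator narrow or turn off that grant, so anyone able to obtain a shell as ssm-user is effectively root under either sudo implementation. That matches the Amazon Linux 2 behaviour the comment cites, but the consequence deserves to be spelled out, for example by extending the comment with `# ssm-user gets unrestricted passwordless root; limit who may start sessions on this host.`. The enclosing attribute set begins outside the hunk, so whether these rules are guarded by the service's enable option cannot be confirmed from here.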