cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #265728 from nbraud/nixos/sudo-rs/ssm-agent

Browse source
This commit is contained in:
Maciej Krüger 2023-11-26 21:37:15 +01:00 committed by GitHub
commit b63af5d7ea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
nixos/modules/services/misc/amazon-ssm-agent.nix
View file

@ -15,6 +15,11 @@ let
-r) echo "${config.system.nixos.version}";;
esac
'';
sudoRule = {
users = [ "ssm-user" ];
commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
};
in {
imports = [
(mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ])
@ -54,17 +59,9 @@ in {
# Add user that Session Manager needs, and give it sudo.
# This is consistent with Amazon Linux 2 images.
security.sudo.extraRules = [
{
users = [ "ssm-user" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
security.sudo.extraRules = [ sudoRule ];
security.sudo-rs.extraRules = [ sudoRule ];
# On Amazon Linux 2 images, the ssm-user user is pretty much a
# normal user with its own group. We do the same.
users.groups.ssm-user = {};