diff options
author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2020-03-17 22:10:40 -0400 |
---|---|---|
committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2020-03-17 23:01:07 -0400 |
commit | f6b950319cb41822e2b3f1b55357037da433e1df (patch) | |
tree | cc8afa374809a46044b36c58bb09d19e5060b556 | |
parent | ce9fc7e8ab821d12977bdf4ca9bff3e20eb16c07 (diff) | |
download | guix-f6b950319cb41822e2b3f1b55357037da433e1df.tar guix-f6b950319cb41822e2b3f1b55357037da433e1df.tar.gz |
gnu: system: Export %sudoers-specification.
Exporting this variable allows reusing the default value of the `sudoers-file'
field when configuring it.
* gnu/system.scm (gnu): Export %sudoers-specification.
* doc/guix.texi (Invoking guix deploy): Document an example, to use with 'guix
deploy'.
-rw-r--r-- | doc/guix.texi | 24 | ||||
-rw-r--r-- | gnu/system.scm | 1 |
2 files changed, 23 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index a0920adc1c..086b1d9751 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -26996,8 +26996,28 @@ login over SSH may be forbidden in some cases. To work around this, @command{guix deploy} can log in as an unprivileged user and employ @code{sudo} to escalate privileges. This will only work if @code{sudo} is currently installed on the remote and can be invoked non-interactively as -@code{user}. That is: the line in @code{sudoers} granting @code{user} the -ability to use @code{sudo} must contain the @code{NOPASSWD} tag. +@code{user}. That is, the line in @code{sudoers} granting @code{user} the +ability to use @code{sudo} must contain the @code{NOPASSWD} tag. This can +be accomplished with the following operating system configuration snippet: + +@lisp +(use-modules ... + (gnu system) ;for %sudoers-specification)) + +(define %user "username") + +(operating-system + ... + (sudoers-file + (plain-file "sudoers" + (string-append (plain-file-content %sudoers-specification) + (format #f "~a ALL = NOPASSWD: ALL~%" + %username))))) + +@end lisp + +For more information regarding the format of the @file{sudoers} file, +consult @command{man sudoers}. @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix diff --git a/gnu/system.scm b/gnu/system.scm index cfc730a41c..06c58c27ba 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -138,6 +138,7 @@ local-host-aliases %root-account %setuid-programs + %sudoers-specification %base-packages %base-firmware)) |