04/06: hydra: overdrive: Allow un-authenticated sudo to wheel group.

[Maxim Cournoyer]

apteryx pushed a commit to branch master
in repository maintenance.

commit 8cd6fbee6d59f65c0099020f35a9f05dd59b7511
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Fri Sep 23 14:15:15 2022 -0400

    hydra: overdrive: Allow un-authenticated sudo to wheel group.
    
    This enables reconfiguring the overdrive machines via 'guix deploy'.
    
    * hydra/modules/sysadmin/overdrive.scm (overdrive-system)
    [sudoers-file]: New field.
---
 hydra/modules/sysadmin/overdrive.scm | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hydra/modules/sysadmin/overdrive.scm 
b/hydra/modules/sysadmin/overdrive.scm
index 43ad9dc..a74fea7 100644
--- a/hydra/modules/sysadmin/overdrive.scm
+++ b/hydra/modules/sysadmin/overdrive.scm
@@ -30,6 +30,8 @@
   #:use-module (gnu services mcron)
   #:use-module (gnu services ssh)
   #:use-module (gnu services vpn)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26)
   #:use-module ((sysadmin services) #:select (berlin-wireguard-peer))
   #:export (overdrive-system))
 
@@ -167,4 +169,16 @@
                              '("--max-jobs=2" "--cores=3")))))))
 
     (packages (cons* btrfs-progs screen openssh strace nss-certs
-                     %base-packages))))
+                     %base-packages))
+
+    ;; Allow sysadmins (sudoers) to use 'sudo' without a password so
+    ;; they can 'guix deploy' these machines as their own user.
+    (sudoers-file
+     (plain-file "sudoers"
+                 (string-join
+                  (append (remove (cut string-prefix? "%wheel" <>)
+                                  (string-split
+                                   (string-trim-right (plain-file-content
+                                                       %sudoers-specification))
+                                   #\newline))
+                         (list "%wheel ALL = NOPASSWD: ALL\n")) "\n")))))