03/06: hydra: build-machines: Enable non-authenticated sudo by group.


From: Maxim Cournoyer
Subject: 03/06: hydra: build-machines: Enable non-authenticated sudo by group.
Date: Sun, 25 Sep 2022 22:29:10 -0400 (EDT)

apteryx pushed a commit to branch master
in repository maintenance.

commit ae6efd3523ac5755703bc483bc7806a9627b460b
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Fri Sep 23 14:08:37 2022 -0400

    hydra: build-machines: Enable non-authenticated sudo by group.
    
    * hydra/modules/sysadmin/build-machines.scm
    (berlin-new-build-machine-os)[sudoers]: Grant access by the "wheel"
    group instead of by username.
---
 hydra/modules/sysadmin/build-machines.scm | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/hydra/modules/sysadmin/build-machines.scm 
b/hydra/modules/sysadmin/build-machines.scm
index 4d14e48..de4bd56 100644
--- a/hydra/modules/sysadmin/build-machines.scm
+++ b/hydra/modules/sysadmin/build-machines.scm
@@ -34,6 +34,8 @@
   #:use-module (sysadmin people)
   #:use-module (gnu packages ssh)
   #:use-module (ice-9 format)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26)
   #:export (build-machine-os
             berlin-new-build-machine-os
             childhurd-ip?))
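
Review bot: the two new '#:use-module' lines pull in all of (srfi srfi-1) and (srfi srfi-26), while this patch uses only 'remove' and 'cut' from them in the sudoers-file expression. Consider '#:use-module ((srfi srfi-1) #:select (remove))' and '#:use-module ((srfi srfi-26) #:select (cut))' so the module's namespace stays narrow and the reason for each import is visible at the top of the file.
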
@@ -299,12 +301,16 @@ Match Address 141.80.167.131
                            (number->string max-jobs)
                            "--cores"
                            (number->string max-cores)))))))))
-    ;; Allow sysadmins to use 'sudo' without a password so they can
-    ;; 'guix deploy' these machines as their own user.
+    ;; Allow sysadmins (sudoers) to use 'sudo' without a password so
+    ;; they can 'guix deploy' these machines as their own user.
     (sudoers-file
      (plain-file "sudoers"
-                 (string-append (plain-file-content %sudoers-specification)
-                               (format #f "~{~a ALL = NOPASSWD: ALL~%~}"
-                                       (map sysadmin-name sysadmins)))))))
+                 (string-join
+                  (append (remove (cut string-prefix? "%wheel" <>)
+                                  (string-split
+                                   (string-trim-right (plain-file-content
+                                                       %sudoers-specification))
+                                   #\newline))
+                         (list "%wheel ALL = NOPASSWD: ALL\n")) "\n")))))
 
 ;;; build-machines.scm end here
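
Review bot: with the appended '%wheel ALL = NOPASSWD: ALL' line, password-less root is no longer tied to the entries of 'sysadmins' (the removed 'map sysadmin-name sysadmins' rules) but to membership in the wheel group, and nothing in this hunk constrains who is in wheel. The comment above 'sudoers-file' still speaks of sysadmins; it should state that every wheel member gets this access, and it is worth confirming that only sysadmin accounts are added to wheel on these machines. Separately, the filter '(cut string-prefix? "%wheel" <>)' drops any line that merely begins with those characters (for example a rule for another group whose name starts with wheel) and misses a '%wheel' rule preceded by whitespace; comparing the first whitespace-delimited field of each line against exactly "%wheel" would be stricter.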


