Allow restart of tor.service without password

2023-09-24 10:59:51 +00:00 · 2023-09-24 10:59:51 +00:00 · c3ca14295e
commit c3ca14295e
parent c60656b7c3
1 changed files with 19 additions and 2 deletions
--- a/modules/sudo.nix
+++ b/modules/sudo.nix
@ -1,5 +1,22 @@
 { pkgs, inputs, ... }:
-
+let
+  commandsWithoutPassword = [
+    "/run/current-system/sw/bin/systemctl restart tor.service"
+  ];
+in
 {
-  security.sudo.execWheelOnly = true;
+  security.sudo = {
+    execWheelOnly = true;
+    extraRules = [
+      {
+        groups = [ "wheel" ];
+        commands = map
+          (cmd: {
+            command = cmd;
+            options = [ "NOPASSWD" ];
+          })
+          commandsWithoutPassword;
+      }
+    ];
+  };
 }