From c3ca14295e3f6195b5c54268f93d77b19a5d2b10 Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Sun, 24 Sep 2023 10:59:51 +0000
Subject: [PATCH] Allow restart of tor.service without password
---
modules/sudo.nix | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/modules/sudo.nix b/modules/sudo.nix
index ebe10d1..d47d889 100644
--- a/modules/sudo.nix
+++ b/modules/sudo.nix
@@ -1,5 +1,22 @@
 { pkgs, inputs, ... }:
-
+let
+ commandsWithoutPassword = [
+ "/run/current-system/sw/bin/systemctl restart tor.service"
+ ];
+in
 {
- security.sudo.execWheelOnly = true;
+ security.sudo = {
+ execWheelOnly = true;
+ extraRules = [
+ {
+ groups = [ "wheel" ];
+ commands = map
+ (cmd: {
+ command = cmd;
+ options = [ "NOPASSWD" ];
+ })
+ commandsWithoutPassword;
+ }
+ ];
+ };
 }
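Review bot: The new `extraRules` entry sets only `groups` and `commands`, so `runAs` stays at the module default (`ALL:ALL`, if I recall the NixOS sudo module correctly). That would let wheel members run the restart command without a password as any user or group, not just root. Adding `runAs = "root";` next to `groups = [ "wheel" ];` keeps the exemption as narrow as the commit title describes. The `commandsWithoutPassword` list is also an obvious place for later additions, and nothing in it says what is safe to add. I would put a comment above it such as `# NOPASSWD entries: absolute path plus fixed arguments only; no wildcards and nothing that can spawn a shell or editor.`, since sudo matches the listed arguments literally and a looser entry becomes password-free root for every wheel account.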