fix group and command

2025-04-21 23:24:10 +08:00
parent 5c0196c3f7
commit 11e4e1b850
2 changed files with 8 additions and 8 deletions
--- a/modules/nixos/core/system.nix
+++ b/modules/nixos/core/system.nix
@@ -34,7 +34,8 @@
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      trusted-users = [ "root" ];
-
+      build-users-group = "nixbld";
+      
      # Enable local binary cache
      keep-outputs = true;
      keep-derivations = true;
--- a/modules/nixos/user.nix
+++ b/modules/nixos/user.nix
@@ -16,12 +16,15 @@
        "wheel"
        "networkmanager"
        "audio"
+        "nixbld"
      ];
      openssh.authorizedKeys.keys = [
      ];
    };
  };

+  binPath = "${pkgs.nix}/bin";
+
  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
  security.sudo = {
    # wheelNeedsPassword = false;
@@ -31,7 +34,7 @@
        commands =
          [
            {
-              command = "/run/current-system/sw/bin/nix-store";
+              command = "${binPath}/nix-store";
              options = [ "NOPASSWD" ];
            }
            {
@@ -39,15 +42,11 @@
              options = [ "NOPASSWD" "SETENV" ];
            }
            {
-              command = "${pkgs.systemd}/bin/systemctl suspend";
+              command = "${binPath}/reboot";
              options = [ "NOPASSWD" ];
            }
            {
-              command = "${pkgs.systemd}/bin/reboot";
-              options = [ "NOPASSWD" ];
-            }
-            {
-              command = "${pkgs.systemd}/bin/poweroff";
+              command = "${binPath}/bin/poweroff";
              options = [ "NOPASSWD" ];
            }
          ];