From 11e4e1b850f723bdd7d830f66b31251a1348f28d Mon Sep 17 00:00:00 2001 From: alex Date: Mon, 21 Apr 2025 23:24:10 +0800 Subject: [PATCH] fix group and command --- modules/nixos/core/system.nix | 3 ++- modules/nixos/user.nix | 13 ++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/nixos/core/system.nix b/modules/nixos/core/system.nix index db9322c..2e7d8e7 100644 --- a/modules/nixos/core/system.nix +++ b/modules/nixos/core/system.nix @@ -34,7 +34,8 @@ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; trusted-users = [ "root" ]; - + build-users-group = "nixbld"; + # Enable local binary cache keep-outputs = true; keep-derivations = true; diff --git a/modules/nixos/user.nix b/modules/nixos/user.nix index 35abc94..92eb99e 100644 --- a/modules/nixos/user.nix +++ b/modules/nixos/user.nix @@ -16,12 +16,15 @@ "wheel" "networkmanager" "audio" + "nixbld" ]; openssh.authorizedKeys.keys = [ ]; }; }; + binPath = "${pkgs.nix}/bin"; + # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure` security.sudo = { # wheelNeedsPassword = false; @@ -31,7 +34,7 @@ commands = [ { - command = "/run/current-system/sw/bin/nix-store"; + command = "${binPath}/nix-store"; options = [ "NOPASSWD" ]; } { @@ -39,15 +42,11 @@ options = [ "NOPASSWD" "SETENV" ]; } { - command = "${pkgs.systemd}/bin/systemctl suspend"; + command = "${binPath}/reboot"; options = [ "NOPASSWD" ]; } { - command = "${pkgs.systemd}/bin/reboot"; - options = [ "NOPASSWD" ]; - } - { - command = "${pkgs.systemd}/bin/poweroff"; + command = "${binPath}/bin/poweroff"; options = [ "NOPASSWD" ]; } ];