From f8f2d0b73f0437c93f80171c68f1d42f1326fe58 Mon Sep 17 00:00:00 2001
From: Alexander Kobjolke <alex@jakalx.net>
Date: Wed, 14 Jul 2021 18:55:51 +0200
Subject: [PATCH] security: Allow alex to run nixos-rebuild

---
 thrall/configuration.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/thrall/configuration.nix b/thrall/configuration.nix
index 666e740..7e5bd6d 100644
--- a/thrall/configuration.nix
+++ b/thrall/configuration.nix
@@ -61,6 +61,20 @@
     email = "alex@jakalx.net";
   };
 
+  security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    extraRules = [
+      { groups = [ "wheel" ];
+        commands = [
+	  { command = "/run/current-system/sw/bin/nixos-rebuild switch";
+	    options = [ "NOPASSWD" ];
+	  }
+	];
+      }
+    ];
+  };
+
   # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
   console = {