I’m trying to setup doas so that my user can run certain commands without password, but I can’t find the right syntax. I tried
{ pkgs, ... }:
{
security.doas.enable = true;
security.sudo.enable = false;
security.doas.extraRules = [{
users = ["username"];
keepEnv = true;
persist = true;
cmd = {
"${pkgs.nixos-rebuild}/bin/nixos-rebuild switch" = noPass: true;
"${pkgs.nixos-rebuild}/bin/nixos-rebuild boot" = noPass: true;
};
}];
}
and nil
doesn’t report any error, but it doesn’t build.
I also tried with sudo with this
{ pkgs, ... }:
{
security.sudo = {
enable = true;
extraRules = [{
users = [ "username" ];
commands = [
{
command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild boot";
options = [ "NOPASSWD" ];
}
];
}];
};
}
and although it builds correctly, after reboot I’m always asked for a password for those commands I declared. What am I doing wrong?