I have this user:
users.users.myusername = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
};
but I still have to type in my password the first time I use sudo as that user. How do I disable prompting for the sudo password?
There’s security.sudo.wheelNeedsPassword = false; if you want all users in group wheel to never type a password.
If you only want to apply NOPASSWD to myusername, then you probably want to use security.sudo.extraRules.
security.sudo.extraRules = [
{ users = [ "myusername" ];
options = [ "NOPASSWD" ];
}
];
I’m not sure if security.sudo.extraRules will merge with an existing list, or overwrite. Hopefully someone with better knowledge can clarify.
Actually, nowadays, you need the specify at which commands( given by a “command=” argument) the options apply and wrapping both into a “commands=” argument - please note the plural. For the example, we will assume that none command needs password prompt. The code becomes accordingly:
security.sudo.extraRules= [
{ users = [ "privileged_user" ];
commands = [
{ command = "ALL" ;
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
}
];
}
];
All the required documentation is provided at https://github.com/NixOS/nixpkgs/blob/2118cf551b9944cfdb929b8ea03556f097dd0381/nixos/modules/security/sudo.nix