Prevent root lockout with deploy-rs

I’ve just accidentally set security.sudo.wheelNeedsPassword on a remote machine where I don’t have a password and root can’t log in. Now I can no longer modify it with deploy-rs. Oopsie.

Is there any way I could have prevented this?

My first idea was just to assert something in Nix code. I think I’d want to assert that all configs have my user in wheel and either a) !wheelNeedsPassword or b) my user has a password. I don’t think it’s possible to do b in general since passwords can often be managed outside of Nix. But, I think I’ll probably always have declarative passwords with Agenix, so that’s fine.

HOWEVER, the issue with the assertion approach is: where does the assertion go? Of course I’ll put it in my common.nix, since I import that everywhere. But… “I import this everywhere” is exactly what I thought about the module where I set security.sudo.wheelNeedsPassword = false. I was wrong about that, which is how I got into this mess in the first place!

I feel like what I really want here is to be able to add a hook to the deploy-rs magic rollback flow, so that instead of just checking for SSH connectivity it checks for ability to sudo over SSH. I don’t see any support for that in the deploy-rs README though.

Any other ideas/approaches I could take here?
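
The assertion described in the post, written as an added example (not part of the original post and not deploy-rs code) that runs as a flake check over every entry in nixosConfigurations, so it does not depend on any host importing a particular module. The file name, the `adminUser` argument and the flake layout in the comments are assumptions.

```nix
# lockout-check.nix (hypothetical file name; added example).
# Assumed wiring in flake.nix:
#   checks.x86_64-linux = import ./lockout-check.nix {
#     inherit (nixpkgs) lib;
#     pkgs = nixpkgs.legacyPackages.x86_64-linux;
#     inherit (self) nixosConfigurations;
#     adminUser = "alice";  # placeholder user name
#   };
{ lib, pkgs, nixosConfigurations, adminUser }:

let
  # True when the evaluated config still lets adminUser reach root via sudo:
  # the user is in wheel and either wheel needs no password or a password
  # is declared in Nix (for example a hashedPasswordFile from agenix).
  canSudo = cfg:
    let
      user = cfg.users.users.${adminUser} or null;
      inWheel = user != null && (
        lib.elem "wheel" user.extraGroups
        || lib.elem adminUser cfg.users.groups.wheel.members
      );
      # Only declarative passwords are visible here; one set outside Nix
      # cannot be detected, so this check errs on the side of failing.
      hasDeclaredPassword = user != null && lib.any (v: v != null) [
        (user.hashedPassword or null)
        (user.hashedPasswordFile or null)
        (user.password or null)
      ];
    in
      cfg.security.sudo.enable
      && inWheel
      && (!cfg.security.sudo.wheelNeedsPassword || hasDeclaredPassword);
in
# One check per host; evaluation fails with a message naming the host.
lib.mapAttrs' (host: system:
  lib.nameValuePair "sudo-lockout-${host}" (
    if canSudo system.config
    then pkgs.runCommand "sudo-lockout-${host}-ok" { } "touch $out"
    else throw "${host}: ${adminUser} cannot sudo (not in wheel, or wheelNeedsPassword is set with no declared password)"
  )
) nixosConfigurations
```

`nix flake check` then fails at evaluation time for any host whose configuration would lock the user out. It inspects the evaluated configuration only and does not test sudo on the running machine.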