authorJack Kelly <jack@jackkelly.name>2020-09-29 09:15:36 +1000
committerJack Kelly <jack@jackkelly.name>2020-10-07 09:36:21 +1000
commit0d417929bf7c4e58123f3a3de6d73e67e17663ea (patch)
treeca38428cec734b6df3aca59db0745b4b343367fb /nixos/modules/services/misc/ssm-agent.nix
parent046c6a7038998507134981c8a294bb70861484bf (diff)
ssm-agent: fix bad user declaration
Diffstat (limited to 'nixos/modules/services/misc/ssm-agent.nix')
-rw-r--r--nixos/modules/services/misc/ssm-agent.nix23
1 files changed, 21 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/ssm-agent.nix b/nixos/modules/services/misc/ssm-agent.nix
index 00e806695fd..e50b07e0b86 100644
--- a/nixos/modules/services/misc/ssm-agent.nix
+++ b/nixos/modules/services/misc/ssm-agent.nix
@@ -29,8 +29,6 @@ in {
 
   config = mkIf cfg.enable {
     systemd.services.ssm-agent = {
-      users.extraUsers.ssm-user = {};
-
       inherit (cfg.package.meta) description;
       after    = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
@@ -43,5 +41,26 @@ in {
         RestartSec = "15min";
       };
     };
+
+    # Add user that Session Manager needs, and give it sudo.
+    # This is consistent with Amazon Linux 2 images.
+    security.sudo.extraRules = [
+      {
+        users = [ "ssm-user" ];
+        commands = [
+          {
+            command = "ALL";
+            options = [ "NOPASSWD" ];
+          }
+        ];
+      }
+    ];
+    # On Amazon Linux 2 images, the ssm-user user is pretty much a
+    # normal user with its own group. We do the same.
+    users.groups.ssm-user = {};
+    users.users.ssm-user = {
+      isNormalUser = true;
+      group = "ssm-user";
+    };
   };
 }
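Review bot: The `security.sudo.extraRules` entry added here gives `ssm-user` unconditional `NOPASSWD` `ALL` whenever the service is enabled, and the comment above it does not say that this makes the account root-equivalent. If Session Manager sessions run as this user, as the comment implies, root access to the host is then controlled only by whichever IAM policies allow starting a session on the instance. I would state that beside the rule, for example `# NOTE: ssm-user is root-equivalent; restrict who may start SSM sessions in IAM.`. It is also worth considering a module option, defaulting to the current behaviour, so hardened hosts can enable the agent without the sudo grant. The enclosing `config = mkIf cfg.enable { … }` block opens in the previous hunk, so nothing else in this hunk gates the rule.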