From 8661d198b22d2554db65976e9162c7109398f501 Mon Sep 17 00:00:00 2001
From: Emile Clark-Boman
Date: Tue, 29 Jul 2025 16:14:00 +1000
Subject: [PATCH] fix sudo not accessible via pam ssh module (hyrule)
---
 hosts/hyrule/default.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix
index 12c96ab..a21a5ac 100755
--- a/hosts/hyrule/default.nix
+++ b/hosts/hyrule/default.nix
@@ -41,6 +41,9 @@ in {
 targetHost = "imbored.dev";
 targetUser = "ae";
 targetPort = 22;
+ sshOptions = [
+ "-A" # forward ssh-agent
+ ];
 buildOnTarget = false; # build locally then deploy
 };
@@ -420,10 +423,16 @@ in {
 defaults.email = "eclarkboman@gmail.com";
 };
- sudo.wheelNeedsPassword = true;
+ sudo = {
+ enable = true;
+ wheelNeedsPassword = true;
+ };
 # allow SSH keys for passwordless auth
 # TODO: DO NOT USE THIS (create my own alternative to colmena)
- pam.services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
+ pam = {
+ enableSSHAgentAuth = true;
+ services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
+ };
 };
 environment.systemPackages = with pkgs; [
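Review bot: The `"-A"` entry added to `sshOptions` forwards the deployer's whole ssh-agent to `imbored.dev` on every deploy, so for the length of the session any process on that host running as root or as `ae` can request signatures from every key loaded in that agent. Because the second hunk turns that same agent into the sudo credential, it is worth narrowing what gets forwarded: run deploys from a dedicated agent that holds only the deploy key, added with `ssh-add -c` so each signature needs confirmation (or with `ssh-add -h` destination constraints on OpenSSH 8.9+). I would record that next to the flag, e.g. `"-A" # forward ssh-agent for pam_ssh_agent_auth sudo; use a dedicated agent holding only the deploy key`. The enclosing deployment attrset starts above the hunk.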
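Review bot: The new `pam = { ... }` block makes possession of a forwarded agent key sufficient for sudo, so `wheelNeedsPassword = true` just above it no longer describes the real barrier, and the hunk does not pin which keys file pam_ssh_agent_auth trusts. That file should be root-owned; if it is user-writable (for example under the home directory), anything running as the user can grant itself passwordless sudo. On nixpkgs releases that provide the `sshAgentAuth` attrset (which, as far as I know, replaced `enableSSHAgentAuth`), I would set `sshAgentAuth.authorizedKeysFiles = [ "/etc/ssh/authorized_keys.d/%u" ];` explicitly; the pinned nixpkgs version is not visible here, so confirm the option name against it. The surrounding attrset (presumably `security`) opens outside the hunk.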