fix sudo not accessible via pam ssh module (hyrule)

2025-07-29 16:14:00 +10:00 · 2025-07-29 16:14:00 +10:00 · 8661d198b2
commit 8661d198b2
parent f32b784ed7
1 changed files with 11 additions and 2 deletions
--- a/hosts/hyrule/default.nix
+++ b/hosts/hyrule/default.nix
@ -41,6 +41,9 @@ in {
    targetHost = "imbored.dev";
    targetUser = "ae";
    targetPort = 22;
+    sshOptions = [
+      "-A" # forward ssh-agent
+    ];
    buildOnTarget = false; # build locally then deploy
  };

@ -420,10 +423,16 @@ in {
      defaults.email = "eclarkboman@gmail.com";
    };

-    sudo.wheelNeedsPassword = true;
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = true;
+    };
    # allow SSH keys for passwordless auth
    # TODO: DO NOT USE THIS (create my own alternative to colmena)
-    pam.services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
+    pam = {
+      enableSSHAgentAuth = true;
+      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
+    };
  };

  environment.systemPackages = with pkgs; [