authorSilvan Mosberger <contact@infinisil.com>2020-10-08 23:28:13 +0200
committerGitHub <noreply@github.com>2020-10-08 23:28:13 +0200
commit6ee8491cb11a0b1323d20bcc024a32b1e80d2f13 (patch)
tree5994f0b8e99a0f842bf39dec5330d61fc73f87aa /nixos/modules
parent7c36c71b00d1fa07e2f18ec705315adb0c4352e6 (diff)
parent0d417929bf7c4e58123f3a3de6d73e67e17663ea (diff)
Merge pull request #99520 from endgame/ssm-agent-user-fix
ssm-agent: fix bad user declaration
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/misc/ssm-agent.nix23
1 files changed, 21 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/ssm-agent.nix b/nixos/modules/services/misc/ssm-agent.nix
index 00e806695fd5..e50b07e0b862 100644
--- a/nixos/modules/services/misc/ssm-agent.nix
+++ b/nixos/modules/services/misc/ssm-agent.nix
@@ -29,8 +29,6 @@ in {
config = mkIf cfg.enable {
systemd.services.ssm-agent = {
- users.extraUsers.ssm-user = {};
-
inherit (cfg.package.meta) description;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
@@ -43,5 +41,26 @@ in {
RestartSec = "15min";
};
};
+
+ # Add user that Session Manager needs, and give it sudo.
+ # This is consistent with Amazon Linux 2 images.
+ security.sudo.extraRules = [
+ {
+ users = [ "ssm-user" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+ # On Amazon Linux 2 images, the ssm-user user is pretty much a
+ # normal user with its own group. We do the same.
+ users.groups.ssm-user = {};
+ users.users.ssm-user = {
+ isNormalUser = true;
+ group = "ssm-user";
+ };
};
}
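Review bot: The `security.sudo.extraRules` entry grants `ssm-user` `NOPASSWD` on `ALL` commands unconditionally inside `config = mkIf cfg.enable`, so every host that enables the agent gets a passwordless-root account, with no way to opt out short of overriding the rule list. In effect, whoever is permitted to open a Session Manager session on the instance can become root, which leaves the IAM policy as the only control; the comment should say so, e.g. `# SECURITY: anyone allowed to start a Session Manager session on this host gets passwordless root through this rule.` Consider putting the rule behind a boolean module option (defaulting to the current behaviour if parity with Amazon Linux 2 is the goal) so that hardened hosts can drop it. The module's `options` block lies outside this hunk, so whether such an option already exists cannot be seen here.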