From 4dfcf1c5cf4937c10fecdda3ef697aee0ce1b6b1 Mon Sep 17 00:00:00 2001
From: Shahab Dogar <shahab@dogar.dev>
Date: Sun, 7 Sep 2025 09:31:52 +0500
Subject: [PATCH] update nix config to allow remote sudo without password

---
 nixos/master/configuration.nix | 44 +++++++++-------------------------
 1 file changed, 11 insertions(+), 33 deletions(-)

diff --git a/nixos/master/configuration.nix b/nixos/master/configuration.nix
index 94e67fa..7a17fc0 100644
--- a/nixos/master/configuration.nix
+++ b/nixos/master/configuration.nix
@@ -5,12 +5,11 @@
 { pkgs, meta, ... }:
 
 {
-  imports =
-    [ # Include the results of the hardware scan.
-    ];
+  imports = [ ./hardware-configuration.nix ];
 
   nix = {
     package = pkgs.nixFlakes;
+    settings.require-sigs = false;
     extraOptions = ''
       experimental-features = nix-command flakes
     '';
@@ -43,16 +42,11 @@
   # Set your time zone.
   time.timeZone = "Asia/Karachi";
 
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
   # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
   console = {
     font = "Lat2-Terminus16";
     keyMap = "us";
-    #useXkbConfig = true; # use xkb.options in tty.
   };
 
   # Fixes for longhorn
@@ -61,12 +55,6 @@
   ];
   virtualisation.docker.logDriver = "json-file";
 
-  # Enable the X11 windowing system.
-  # services.xserver.enable = true;
-
-  # Configure keymap in X11
-  # services.xserver.xkb.layout = "us";
-  # services.xserver.xkb.options = "eurosign:e,caps:escape";
   services.k3s = {
     enable = true;
     role = "server";
@@ -77,7 +65,6 @@
 	    "--disable servicelb"
 	    "--disable traefik"
 	    "--disable local-storage"
-      "--tls-san homelab-0"
     ] ++ (if meta.hostname == "homelab-0" then [] else [
 	      "--server https://192.168.18.10:6443"
     ]));
@@ -89,16 +76,6 @@
     name = "iqn.2016-04.com.open-iscsi:${meta.hostname}";
   };
 
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  # sound.enable = true;
-  # hardware.pulseaudio.enable = true;
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.shahab = {
     isNormalUser = true;
@@ -114,6 +91,15 @@
     ];
   };
 
+  security.sudo.extraRules = [
+    {
+      users = ["shahab"];
+      commands = [
+        { command = "ALL"; options = ["NOPASSWD"]; }
+      ];
+    }
+  ];
+
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
@@ -124,14 +110,6 @@
      git
   ];
 
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
   # List services that you want to enable:
 
   # Enable the OpenSSH daemon.