remove old monitoring user and try to fix sudo for the new user

2024-08-21 01:21:45 +02:00 · 2024-08-21 01:21:45 +02:00 · cd10452112
commit cd10452112
parent 05459a50e1
2 changed files with 11 additions and 23 deletions
--- a/checkmk-agent.nix
+++ b/checkmk-agent.nix
@ -1,22 +1,18 @@
 { lib, pkgs, ... }:

 let
-	agentcmd = "${ (pkgs.callPackage ./checkmk-agent/default.nix { }) }/bin/check_mk_agent.sshwrapper";
+  agentcmd = "${ (pkgs.callPackage ./checkmk-agent/default.nix { }) }/bin/check_mk_agent.sshwrapper";
 in
 {
  users.users.mon = {
-	  isNormalUser = true;
-		extraGroups = [ "wheel" ];
-		openssh.authorizedKeys.keys = [
-			''restrict,command="${ agentcmd }" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHkivi9Ye/Uj4ZQxrEfarSaz0iLF/XXhY/crNsLoDMu checkmk''
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      ''restrict,command="${ agentcmd }" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHkivi9Ye/Uj4ZQxrEfarSaz0iLF/XXhY/crNsLoDMu checkmk''
    ];
-	};
-	security.sudo.extraRules = [ {
-		users = [ "mon" ];
-		commands = [ {
-			command = agentcmd;
-			options = [ "NOPASSWD" ];
-			} ];
-		}
-	];
+  };
+  security.sudo.extraConfig = ''
+    ## Allow the monitor user to run commands as root
+    mon       ALL=(ALL)       NOPASSWD: ALL
+    '';
 }