test

home-manager/common/software/cli/ssh.nix

@@ -4,7 +4,5 @@
   home.file.".ssh/config".text = ''
   Host 192.168.1.210
     StrictHostKeyChecking no
-  Host nixos-vm-01
-    ForwardAgent yes
   '';
 }

nixos/common/services/openssh.nix

@@ -1,4 +1,9 @@
 { config, pkgs, hostname, ... }: {
+  # enable passwordless elevation
+  # Useful for deploy-rs
+  security.pam.enableSSHAgentAuth = true;
+  programs.ssh.startAgent = true;
+  programs.ssh.agentTimeout = "1h";
   # By default no ports are open.
   # When ./tailscale.nix is imported, port 22 on the tailscale interface is then opened.
   services.openssh = {

nixos/default.nix

@@ -25,10 +25,6 @@
       ./hosts/${hostname}
     ] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
 
-  # enable passwordless elevation
-  # Useful for deploy-rs
-  security.pam.enableSSHAgentAuth = true;
-
   # List packages installed in system profile
   environment.systemPackages = with pkgs; [
     sbctl        # Secureboot Control

nixos/minimal.nix

@@ -13,10 +13,6 @@
       ./hosts/${hostname}
     ] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
   
-  # enable passwordless elevation
-  # Useful for deploy-rs
-  security.pam.enableSSHAgentAuth = true;
-  
   # List packages installed in system profile
   environment.systemPackages = with pkgs; [
     sbctl

nixos/small.nix

@@ -19,10 +19,6 @@
       ./hosts/${hostname}
     ];
   
-  # enable passwordless elevation
-  # Useful for deploy-rs
-  security.pam.enableSSHAgentAuth = true;
-  
   # List packages installed in system profile
   environment.systemPackages = with pkgs; [
     git

nixos/users/albert/default.nix

@@ -3,7 +3,7 @@ let
   ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
 in {
   # Define a user account.
-  imports = [ ]  ++ lib.optional (builtins.isString desktop) ./desktop.nix;
+  imports = [ /*./switcher.nix*/ ]  ++ lib.optional (builtins.isString desktop) ./desktop.nix;
   users.mutableUsers = false;
   users.users.albert = {
     isNormalUser = true;
@@ -22,15 +22,17 @@ in {
   nix.settings.trusted-users = [ "albert" ];
 
   # No sudo password - deploy-rs
-  security.sudo.extraRules = [
+  # security.sudo.extraRules = [
-    { 
+  #   { 
-      users = [ "albert" ];
+  #     users = [ "albert" ];
-      commands = [
+  #     commands = [
-        { 
+  #       { 
-          command = "ALL";
+  #         command = "ALL";
-          options = [ "NOPASSWD" ];
+  #         options = [ "NOPASSWD" ];
-        }
+  #       }
-      ];
+  #     ];
-    }
+  #   }
-  ];
+  # ];
+
+
 }

nixos/users/albert/switcher.nix

@@ -0,0 +1,34 @@
+{self, ...}: {
+  pkgs,
+  config,
+  ...
+}: {
+  #  https://github.com/NobbZ/nixos-config/blob/a1c99894088f43a0ba31812ad53f0e09dc36f15a/nixos/modules/switcher.nix#L14-L31
+  _file = ./switcher.nix;
+
+  environment.systemPackages = [self.packages."${pkgs.system}".switcher];
+
+  security.sudo.extraRules = let
+    storePrefix = "/nix/store/*";
+    systemName = "nixos-system-${config.networking.hostName}-*";
+  in [
+    {
+      commands = [
+        {
+          command = "${storePrefix}-nix-*/bin/nix-env -p /nix/var/nix/profiles/system --set ${storePrefix}-${systemName}";
+          options = ["NOPASSWD"];
+        }
+      ];
+      groups = ["wheel"];
+    }
+    {
+      commands = [
+        {
+          command = "${storePrefix}-${systemName}/bin/switch-to-configuration";
+          options = ["NOPASSWD"];
+        }
+      ];
+      groups = ["wheel"];
+    }
+  ];
+}