From 1b60dc3e87ff4abc9525f2fabc806dedb8203567 Mon Sep 17 00:00:00 2001
From: Petru Paler
Date: Fri, 30 Jun 2023 10:26:19 +0100
Subject: [PATCH] Split off sudo module.

---
 hosts/common/compute-node.nix | 9 +--------
 hosts/common/global/sudo.nix | 5 +++++
 hosts/common/impermanence.nix | 5 +++++
 3 files changed, 11 insertions(+), 8 deletions(-)
 create mode 100644 hosts/common/global/sudo.nix

diff --git a/hosts/common/compute-node.nix b/hosts/common/compute-node.nix
index ff4d2ea..f5cfdf5 100644
--- a/hosts/common/compute-node.nix
+++ b/hosts/common/compute-node.nix
@@ -3,6 +3,7 @@
 imports = [
 ./impermanence.nix
 ./sshd.nix
+ ./sudo.nix
 ./user-ppetru.nix
 ];
 
@@ -14,14 +15,6 @@
 keyFile = "/dev/sda";
 };
 
- security.sudo = {
- extraConfig = ''
- # rollback results in sudo lectures after each reboot
- Defaults lecture = never
- '';
- wheelNeedsPassword = false;
- };
-
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
diff --git a/hosts/common/global/sudo.nix b/hosts/common/global/sudo.nix
new file mode 100644
index 0000000..599487a
--- /dev/null
+++ b/hosts/common/global/sudo.nix
@@ -0,0 +1,5 @@
+{
+ security.sudo = {
+ wheelNeedsPassword = false;
+ };
+}
diff --git a/hosts/common/impermanence.nix b/hosts/common/impermanence.nix
index 3df8f86..15fc639 100644
--- a/hosts/common/impermanence.nix
+++ b/hosts/common/impermanence.nix
@@ -24,6 +24,11 @@
 fileSystems."/var/log".options = ["compress=zstd" "noatime" ];
 fileSystems."/var/log".neededForBoot = true;
 
+ # rollback results in sudo lectures after each reboot
+ security.sudo.extraConfig = ''
+ Defaults lecture = never
+ '';
+
 # reset / at each boot
 # Note `lib.mkBefore` is used instead of `lib.mkAfter` here.
 boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
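Review bot: The added import `./sudo.nix` in hosts/common/compute-node.nix resolves to hosts/common/sudo.nix, but this commit creates the module at hosts/common/global/sudo.nix. Unless a hosts/common/sudo.nix already exists outside this patch, evaluation of the compute-node configuration fails on the missing path. If such a file does exist, the new global module is not the one picked up here and the sudo policy in force is whatever that other file says. The import should read `./global/sudo.nix`. The enclosing attribute set starts above the hunk, so the rest of the module is not visible.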
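Review bot: `wheelNeedsPassword = false` now lives in hosts/common/global/sudo.nix, which by its path looks meant for every host rather than only compute nodes, so the scope of passwordless root may be wider than before. With this setting, access to any wheel account is equivalent to root with no further check, and the new file carries no comment recording that this is intended. I would add a header comment such as `# wheel members get passwordless sudo on every host importing this module; wheel account access == root`. I would also write the option as `wheelNeedsPassword = lib.mkDefault false;` (with `{ lib, ... }:` at the top of the file) so a more exposed host can re-enable the password prompt without `mkForce`.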