From 570ddf38f6e209f2ed0939d73cfc059352b1acf5 Mon Sep 17 00:00:00 2001
From: ediblerope <fredrik@nordhammer.it>
Date: Tue, 7 Apr 2026 13:07:24 +0100
Subject: [PATCH] Allow passwordless sudo for fred
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

40-char password from a manager is impractical for frequent sudo use.
SSH is already key-only, so local privilege escalation is the only
remaining threat — acceptable on a single-user home server.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 settings/users.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/settings/users.nix b/settings/users.nix
index 0e03e1b..e1acb34 100644
--- a/settings/users.nix
+++ b/settings/users.nix
@@ -3,6 +3,11 @@
 
 {
     # Define a user account. Don't forget to set a password with 'passwd'.
+	security.sudo.extraRules = [{
+		users = [ "fred" ];
+		commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
+	}];
+
 	users.users.fred = {
 		isNormalUser = true;
 		description = "fred";