From 4a1ac8d31a2b139911fcae6f068b916384020f26 Mon Sep 17 00:00:00 2001
From: Christoph Schmatzler <christoph@schmatzler.com>
Date: Tue, 23 Dec 2025 15:32:20 +0000
Subject: [PATCH] passwordless deploys

---
 profiles/nixos.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/profiles/nixos.nix b/profiles/nixos.nix
index 5f95b13..5dedb2d 100644
--- a/profiles/nixos.nix
+++ b/profiles/nixos.nix
@@ -6,6 +6,21 @@
 	...
 }: {
 	security.sudo.enable = true;
+	security.sudo.extraRules = [
+		{
+			users = [user];
+			commands = [
+				{
+					command = "/run/current-system/sw/bin/nix-env";
+					options = ["NOPASSWD"];
+				}
+				{
+					command = "/nix/store/*/bin/switch-to-configuration";
+					options = ["NOPASSWD"];
+				}
+			];
+		}
+	];
 
 	system.stateVersion = constants.stateVersions.nixos;
 	time.timeZone = "UTC";