public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #99520 from endgame/ssm-agent-user-fix

Browse Source 
ssm-agent: fix bad user declaration
This commit is contained in:
Silvan Mosberger 2020-10-08 23:28:13 +02:00 committed by GitHub
commit 6ee8491cb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
nixos/modules/services/misc/ssm-agent.nix
View File

@ -29,8 +29,6 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.ssm-agent = { systemd.services.ssm-agent = {
users.extraUsers.ssm-user = {};
inherit (cfg.package.meta) description; inherit (cfg.package.meta) description;
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -43,5 +41,26 @@ in {
RestartSec = "15min"; RestartSec = "15min";
}; };
}; };
# Add user that Session Manager needs, and give it sudo.
# This is consistent with Amazon Linux 2 images.
security.sudo.extraRules = [
{
users = [ "ssm-user" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
# On Amazon Linux 2 images, the ssm-user user is pretty much a
# normal user with its own group. We do the same.
users.groups.ssm-user = {};
users.users.ssm-user = {
isNormalUser = true;
group = "ssm-user";
};
}; };
} }