Commit `84d073eaa279`

Vincent Demeester <vincent@sbr.pm>

2026-01-12 17:11:34

fix(microshift): add sudo NOPASSWD rules for CRC admin operations

CRC needs to run chown and chmod via sudo to set up the admin helper executable. Allow these specific commands without password for the configured user when running from the systemd service. Error: Failed Authentication with pam_ssh_agent_auth

main

1 parent 251bf83

Changed files (1)

modules

microshift

default.nix

@@ -69,6 +69,23 @@ in
     # Ensure user has libvirt access
     users.users.${cfg.user}.extraGroups = [ "libvirt" ];
 
+    # Allow CRC to use sudo for admin helper without password
+    security.sudo.extraRules = [
+      {
+        users = [ cfg.user ];
+        commands = [
+          {
+            command = "/run/wrappers/bin/chown";
+            options = [ "NOPASSWD" ];
+          }
+          {
+            command = "/run/wrappers/bin/chmod";
+            options = [ "NOPASSWD" ];
+          }
+        ];
+      }
+    ];
+
     environment.systemPackages = with pkgs; [
       crc
       kubectl

Commit 84d073eaa279

Commit `84d073eaa279`