From 532e7a5c6b10cbc311ee1f6811a6008152324f19 Mon Sep 17 00:00:00 2001
From: Tim Van Baak <tim.vanbaak@gmail.com>
Date: Tue, 19 Dec 2023 19:33:25 -0800
Subject: [PATCH] beatific: allow `sudo nixos-rebuild` without password for tvb

---
 modules/beatific.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/beatific.nix b/modules/beatific.nix
index 9a8098d..4312ac6 100644
--- a/modules/beatific.nix
+++ b/modules/beatific.nix
@@ -48,6 +48,10 @@ in {
       nix.extraOptions = "experimental-features = nix-command flakes";
       environment.etc.nixos.source = ./..;
       environment.shellAliases.nr = "sudo nixos-rebuild --flake $HOME/nixos-configs";
+      security.sudo.extraRules = [{
+        users = [ "tvb" ];
+        commands = [ { command = "/run/current-system/sw/bin/nixos-rebuild"; options = [ "NOPASSWD" ]; } ];
+      }];
     }
 
     (mkIf cfg.defaults.time {