Doas: Difference between revisions
Add language bar |
m Rewording - defines what "it" is |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 21: | Line 21: | ||
<translate> | <translate> | ||
<!--T:6--> | <!--T:6--> | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix">{ pkgs, ... }: { | ||
security. | security.sudo.enable = false; | ||
security. | |||
security.doas.extraRules = [{ | security.doas.enable = true; | ||
security.doas.extraRules = [{ | |||
users = ["foo"]; | |||
# Optional, retains environment variables while running commands | |||
# e.g. retains your NIX_PATH when applying your config | |||
keepEnv = true; | |||
}]; | persist = true; # Optional, don't ask for the password for some time, after a successfully authentication | ||
</syntaxhighlight> | }]; | ||
# If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds | |||
environment.systemPackages = [ pkgs.git ]; | |||
}</syntaxhighlight> | |||
</translate> | |||
<translate> | |||
== Rebuilding without Git in system packages == | |||
</translate> | |||
<translate> | |||
If you've forgotten to add Git to your system packages, and you need to rebuild your system, you can either: | |||
# Reboot to select the last generation without doas | |||
# Enter a Nix shell as root, with the git package. Then, run your <code>nixos-rebuild</code> command with git being in your <code>environment.systemPackages</code>. | |||
</translate> | |||
<translate> | |||
$ doas su | |||
$ nix shell nixpkgs#git # Or you can use the legacy syntax `nix-shell -p git` | |||
$ nixos-rebuild --flake /path/to/your/flake#your-hostname test | |||
</translate> | |||
<translate> | |||
If everything looks good, you can now add your rebuild to your boot options. | |||
</translate> | |||
<translate> | |||
$ exit | |||
$ doas nixos-rebuild --flake /path/to/your/flake#your-hostname switch | |||
</translate> | </translate> | ||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Security]] | [[Category:Security]] | ||
Latest revision as of 02:01, 21 October 2025
doas is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity. It is not recommended to use doas due to compatibility issues with sudo. Flake based configurations require git to be installed as a system package in order to rebuild.
Configuration
The following configuration will give the user foo the ability to execute commands as the super user via doas, while disabling the sudo command.
{ pkgs, ... }: {
security.sudo.enable = false;
security.doas.enable = true;
security.doas.extraRules = [{
users = ["foo"];
# Optional, retains environment variables while running commands
# e.g. retains your NIX_PATH when applying your config
keepEnv = true;
persist = true; # Optional, don't ask for the password for some time, after a successfully authentication
}];
# If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds
environment.systemPackages = [ pkgs.git ];
}
Rebuilding without Git in system packages
If you've forgotten to add Git to your system packages, and you need to rebuild your system, you can either:
- Reboot to select the last generation without doas
- Enter a Nix shell as root, with the git package. Then, run your
nixos-rebuildcommand with git being in yourenvironment.systemPackages.
$ doas su $ nix shell nixpkgs#git # Or you can use the legacy syntax `nix-shell -p git` $ nixos-rebuild --flake /path/to/your/flake#your-hostname test
If everything looks good, you can now add your rebuild to your boot options.
$ exit $ doas nixos-rebuild --flake /path/to/your/flake#your-hostname switch