Official NixOS Wiki

Doas: Difference between revisions

← Older edit
VisualWikitext
imported>Likeazir
mNo edit summary
Fio (talk | contribs)
6 edits
m Rewording - defines what "it" is
 
(11 intermediate revisions by 8 users not shown)
Line 1: Line 1:
<languages/>
<translate>
<!--T:1-->
[https://en.wikipedia.org/wiki/Doas doas] is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.
[https://en.wikipedia.org/wiki/Doas doas] is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.
</translate>
<translate>
<!--T:2-->
It is not recommended to use doas due to compatibility issues with sudo.
</translate>
<translate>
<!--T:3-->
Flake based configurations require git to be installed as a system package in order to rebuild.
</translate>
<translate>
== Configuration == <!--T:4-->
</translate>
<translate>
<!--T:5-->
The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.
</translate>
<translate>
<!--T:6-->
<syntaxhighlight lang="nix">{ pkgs, ... }: {
  security.sudo.enable = false;


== Configuration ==
  security.doas.enable = true;
  security.doas.extraRules = [{
    users = ["foo"];
    # Optional, retains environment variables while running commands
    # e.g. retains your NIX_PATH when applying your config
    keepEnv = true;
    persist = true;  # Optional, don't ask for the password for some time, after a successfully authentication
  }];


The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.
  # If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds
  environment.systemPackages = [ pkgs.git ];
}</syntaxhighlight>
</translate>
<translate>
== Rebuilding without Git in system packages ==
</translate>
<translate>
If you've forgotten to add Git to your system packages, and you need to rebuild your system, you can either:


<syntaxhighlight lang="nix">
# Reboot to select the last generation without doas
security.doas.enable = true;
# Enter a Nix shell as root, with the git package. Then, run your <code>nixos-rebuild</code> command with git being in your <code>environment.systemPackages</code>.
security.sudo.enable = false;
</translate>
security.doas.extraRules = [{
<translate>
   users = ["foo"];
  $ doas su
   keepEnv = true;  # Optional, retains environment variables while running commands, e.g. your NIX_PATH when applying your config
   $ nix shell nixpkgs#git  # Or you can use the legacy syntax `nix-shell -p git`
   persist = true;  # Optional, only require password verification a single time
   $ nixos-rebuild --flake /path/to/your/flake#your-hostname test
}];
</translate>
</syntaxhighlight>
<translate>
If everything looks good, you can now add your rebuild to your boot options.
</translate>
<translate>
  $ exit
   $ doas nixos-rebuild --flake /path/to/your/flake#your-hostname switch
</translate>
[[Category:Applications]]
[[Category:Security]]
Retrieved from "https://wiki.nixos.org/wiki/Doas"