Doas: Difference between revisions

(6 intermediate revisions by 3 users not shown)

Line 1:

[https://en.wikipedia.org/wiki/Doas doas] is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.

</translate>

It is not recommended to use doas due to compatibility issues with sudo.

</translate>

Flake based configurations require git to be installed as a system package in order to rebuild.

</translate>

== Configuration ==

</translate>

The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.

</translate>

<syntaxhighlight lang="nix">{ pkgs, ... }: {

security.sudo.enable = false;

== ~~Configuration~~ ==

security.doas.enable = true;

security.doas.extraRules = [{

~~The following configuration will give the user <code>foo</code> the ability to execute commands as~~ the ~~super user via <code>doas</code>~~, ~~while disabling the <code>sudo</code> command.~~

users = ["foo"];

# Optional, retains environment variables while running commands

# e.g. retains your NIX_PATH when applying your config

keepEnv = true;

persist = true; # Optional, don't ask for the password for some time, after a successfully authentication

}];

~~<syntaxhighlight lang="nix">~~

# If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds

~~security~~.~~doas.enable~~ = ~~true;~~

environment.systemPackages = [ pkgs.git ];

~~security~~.~~sudo.enable = false~~;

}</syntaxhighlight>

~~security.doas.extraRules = [{~~

</translate>

~~users = ["foo"];~~

~~# Optional, retains environment variables while running commands~~

== Rebuilding without Git in system packages ==

~~# e.g. retains your NIX_PATH when applying your config~~

</translate>

~~keepEnv~~ = ~~true;~~

~~persist~~ = ~~true; # Optional, don't ask for the password for some time, after a successfully authentication~~

If you've forgotten to add Git to your system packages, and you need to rebuild your system, you can either:

~~}];~~

<~~/syntaxhighlight~~>

# Reboot to select the last generation without doas

# Enter a Nix shell as root, with the git package. Then, run your <code>nixos-rebuild</code> command with git being in your <code>environment.systemPackages</code>.

</translate>

$ doas su

$ nix shell nixpkgs#git # Or you can use the legacy syntax `nix-shell -p git`

$ nixos-rebuild --flake /path/to/your/flake#your-hostname test

</translate>

If everything looks good, you can now add your rebuild to your boot options.

</translate>

$ exit

$ doas nixos-rebuild --flake /path/to/your/flake#your-hostname switch

</translate>

[[Category:Applications]]

[[Category:Security]]

@@ Line 1: / Line 1: @@
+<languages/>
+<translate>
+<!--T:1-->
 [https://en.wikipedia.org/wiki/Doas doas] is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.
+</translate>
+<translate>
+<!--T:2-->
 It is not recommended to use doas due to compatibility issues with sudo.
+</translate>
+<translate>
+<!--T:3-->
 Flake based configurations require git to be installed as a system package in order to rebuild.
+</translate>
+<translate>
+== Configuration == <!--T:4-->
+</translate>
+<translate>
+<!--T:5-->
+The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.
+</translate>
+<translate>
+<!--T:6-->
+<syntaxhighlight lang="nix">{ pkgs, ... }: {
+  security.sudo.enable = false;
-== Configuration ==
+  security.doas.enable = true;
+  security.doas.extraRules = [{
-The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.
+    users = ["foo"];
+    # Optional, retains environment variables while running commands
+    # e.g. retains your NIX_PATH when applying your config
+    keepEnv = true;
+    persist = true;  # Optional, don't ask for the password for some time, after a successfully authentication
+  }];
-<syntaxhighlight lang="nix">
+  # If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds
-security.doas.enable = true;
+  environment.systemPackages = [ pkgs.git ];
-security.sudo.enable = false;
+}</syntaxhighlight>
-security.doas.extraRules = [{
+</translate>
-  users = ["foo"];
+<translate>
-  # Optional, retains environment variables while running commands
+== Rebuilding without Git in system packages ==
-  # e.g. retains your NIX_PATH when applying your config
+</translate>
-  keepEnv = true;
+<translate>
-  persist = true;  # Optional, don't ask for the password for some time, after a successfully authentication
+If you've forgotten to add Git to your system packages, and you need to rebuild your system, you can either:
-}];
-</syntaxhighlight>
+# Reboot to select the last generation without doas
+# Enter a Nix shell as root, with the git package. Then, run your <code>nixos-rebuild</code> command with git being in your <code>environment.systemPackages</code>.
+</translate>
+<translate>
+  $ doas su
+  $ nix shell nixpkgs#git  # Or you can use the legacy syntax `nix-shell -p git`
+  $ nixos-rebuild --flake /path/to/your/flake#your-hostname test
+</translate>
+<translate>
+If everything looks good, you can now add your rebuild to your boot options.
+</translate>
+<translate>
+  $ exit
+  $ doas nixos-rebuild --flake /path/to/your/flake#your-hostname switch
+</translate>
 [[Category:Applications]]
 [[Category:Security]]