Doas: Difference between revisions

(5 intermediate revisions by 3 users not shown)

Line 1:

[https://en.wikipedia.org/wiki/Doas doas] is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.

</translate>

It is not recommended to use doas due to compatibility issues with sudo.

</translate>

Flake based configurations require git to be installed as a system package in order to rebuild.

</translate>

== Configuration ==

== Configuration ==

</translate>

The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.

</translate>

security.~~doas~~.enable = ~~true~~;

<syntaxhighlight lang="nix">{ pkgs, ... }: {

security.~~sudo~~.enable = ~~false~~;

security.sudo.enable = false;

security.doas.extraRules = [{

users = ["foo"];

security.doas.enable = true;

# Optional, retains environment variables while running commands

security.doas.extraRules = [{

# e.g. retains your NIX_PATH when applying your config

users = ["foo"];

keepEnv = true;

# Optional, retains environment variables while running commands

persist = true; # Optional, don't ask for the password for some time, after a successfully authentication

# e.g. retains your NIX_PATH when applying your config

}];

keepEnv = true;

</syntaxhighlight>

persist = true; # Optional, don't ask for the password for some time, after a successfully authentication

}];

# If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds

environment.systemPackages = [ pkgs.git ];

}</syntaxhighlight>

</translate>

== Rebuilding without Git in system packages ==

</translate>

If you've forgotten to add Git to your system packages, and you need to rebuild your system, you can either:

# Reboot to select the last generation without doas

# Enter a Nix shell as root, with the git package. Then, run your <code>nixos-rebuild</code> command with git being in your <code>environment.systemPackages</code>.

</translate>

$ doas su

$ nix shell nixpkgs#git # Or you can use the legacy syntax `nix-shell -p git`

$ nixos-rebuild --flake /path/to/your/flake#your-hostname test

</translate>

If everything looks good, you can now add your rebuild to your boot options.

</translate>

$ exit

$ doas nixos-rebuild --flake /path/to/your/flake#your-hostname switch

</translate>

[[Category:Applications]]

[[Category:Security]]

@@ Line 1: / Line 1: @@
+<languages/>
 <translate>
+<!--T:1-->
 [https://en.wikipedia.org/wiki/Doas doas] is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.
 </translate>
 <translate>
+<!--T:2-->
 It is not recommended to use doas due to compatibility issues with sudo.
 </translate>
 <translate>
+<!--T:3-->
 Flake based configurations require git to be installed as a system package in order to rebuild.
 </translate>
 <translate>
-== Configuration ==
+== Configuration == <!--T:4-->
 </translate>
 <translate>
+<!--T:5-->
 The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.
 </translate>
 <translate>
-<syntaxhighlight lang="nix">
+<!--T:6-->
-security.doas.enable = true;
+<syntaxhighlight lang="nix">{ pkgs, ... }: {
-security.sudo.enable = false;
+  security.sudo.enable = false;
-security.doas.extraRules = [{
-  users = ["foo"];
+  security.doas.enable = true;
-  # Optional, retains environment variables while running commands
+  security.doas.extraRules = [{
-  # e.g. retains your NIX_PATH when applying your config
+    users = ["foo"];
-  keepEnv = true;
+    # Optional, retains environment variables while running commands
-  persist = true;  # Optional, don't ask for the password for some time, after a successfully authentication
+    # e.g. retains your NIX_PATH when applying your config
-}];
+    keepEnv = true;
-</syntaxhighlight>
+    persist = true;  # Optional, don't ask for the password for some time, after a successfully authentication
+  }];
+  # If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds
+  environment.systemPackages = [ pkgs.git ];
+}</syntaxhighlight>
+</translate>
+<translate>
+== Rebuilding without Git in system packages ==
+</translate>
+<translate>
+If you've forgotten to add Git to your system packages, and you need to rebuild your system, you can either:
+# Reboot to select the last generation without doas
+# Enter a Nix shell as root, with the git package. Then, run your <code>nixos-rebuild</code> command with git being in your <code>environment.systemPackages</code>.
+</translate>
+<translate>
+  $ doas su
+  $ nix shell nixpkgs#git  # Or you can use the legacy syntax `nix-shell -p git`
+  $ nixos-rebuild --flake /path/to/your/flake#your-hostname test
+</translate>
+<translate>
+If everything looks good, you can now add your rebuild to your boot options.
+</translate>
+<translate>
+  $ exit
+  $ doas nixos-rebuild --flake /path/to/your/flake#your-hostname switch
 </translate>
 [[Category:Applications]]
 [[Category:Security]]