From 1292bde8ebdb5a74fc9e8137eafef95a1053d91e Mon Sep 17 00:00:00 2001
From: Erwin Boskma
Date: Tue, 31 Jan 2023 17:00:01 +0100
Subject: [PATCH] Fix sudo config
---
machines/drone/configuration.nix | 2 ++
machines/gitea/configuration.nix | 1 -
machines/minio/configuration.nix | 1 -
machines/proxy/configuration.nix | 2 ++
4 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/machines/drone/configuration.nix b/machines/drone/configuration.nix
index 6893b35..66327e6 100644
--- a/machines/drone/configuration.nix
+++ b/machines/drone/configuration.nix
@@ -39,6 +39,8 @@ nameservers = [ "10.0.0.254" ]; }; + security.sudo.execWheelOnly = true; + services.openssh.enable = true; sops.defaultSopsFile = ./secrets.yaml;
diff --git a/machines/gitea/configuration.nix b/machines/gitea/configuration.nix
index 91ed3df..8300f8b 100644
--- a/machines/gitea/configuration.nix
+++ b/machines/gitea/configuration.nix
@@ -41,7 +41,6 @@ }; security.sudo.execWheelOnly = true; - security.pam.enableSSHAgentAuth = true; # services.openssh.enable = true;
diff --git a/machines/minio/configuration.nix b/machines/minio/configuration.nix
index 2e1f687..2326b20 100644
--- a/machines/minio/configuration.nix
+++ b/machines/minio/configuration.nix
@@ -45,7 +45,6 @@ }; security.sudo.execWheelOnly = true; - security.pam.enableSSHAgentAuth = true; # services.openssh.enable = true;
diff --git a/machines/proxy/configuration.nix b/machines/proxy/configuration.nix
index 4253ada..2e72cbd 100644
--- a/machines/proxy/configuration.nix
+++ b/machines/proxy/configuration.nix
@@ -41,6 +41,8 @@ services.openssh.enable = true; + security.sudo.execWheelOnly = true; + sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { };
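Review bot: The `security.sudo.execWheelOnly = true;` line added to machines/drone/configuration.nix, and again in the machines/proxy/configuration.nix hunk, has no comment saying why it is set, and after this commit the same setting is written out separately in all four machine files. I would add `# Only members of wheel may execute the sudo wrapper; other local and service accounts cannot run it at all.` above it, and consider moving the line into a module that every machine imports so a newly added host cannot miss it. The option limits who can run sudo, not what wheel members may do, so wheel membership on these hosts is the thing to audit; the user definitions are outside the hunks. The gitea and minio hunks drop `security.pam.enableSSHAgentAuth`, so it is worth confirming that wheel users there still have a working way to authenticate to sudo, which these hunks do not show.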