From 8522cffb8ec744e71f6f94764cfe59e607f41d93 Mon Sep 17 00:00:00 2001
From: Sean Buckley <sean.bck@gmail.com>
Date: Tue, 19 Jan 2021 01:32:44 -0500
Subject: [PATCH] allow upgrades without password

---
 modules/baseline.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/modules/baseline.nix b/modules/baseline.nix
index e95722f..d74fc24 100644
--- a/modules/baseline.nix
+++ b/modules/baseline.nix
@@ -44,6 +44,17 @@
     ];
   };
 
+  security.sudo.extraRules = [{
+    groups = [ "wheel" ];
+    commands = [
+      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nix-channel --update"; }
+      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild switch"; }
+      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild switch --upgrade"; }
+      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild boot"; }
+      { options = [ "NOPASSWD" ]; command = "/run/current-system/sw/bin/nixos-rebuild boot --upgrade"; }
+    ];
+  }];
+
   users.users.sean = {
     isNormalUser = true;
     extraGroups = [ "wheel" "audio" "video" "networkmanager" "dialout" "input" "wireshark" ];