authorRory& <root@rory.gay>2024-12-24 23:56:28 +0100
committerRory& <root@rory.gay>2024-12-24 23:56:28 +0100
commit3c739dc2117944a8f63d8f23cb91a19253c4afd4 (patch)
tree15adc1a80b7e94886d127531ee5df285c93dcd99 /modules
parentShared redpanda sudo user (diff)
downloadRory-Open-Architecture-3c739dc2117944a8f63d8f23cb91a19253c4afd4.tar.xz
Run allowed sudo instances of redpanda as root
Diffstat (limited to 'modules')
-rw-r--r--modules/packages/redpanda-connect/module.nix36
1 files changed, 18 insertions, 18 deletions
diff --git a/modules/packages/redpanda-connect/module.nix b/modules/packages/redpanda-connect/module.nix

index 1ac70fb..f803c14 100644
--- a/modules/packages/redpanda-connect/module.nix
+++ b/modules/packages/redpanda-connect/module.nix
@@ -51,30 +51,30 @@ in
 Restart = "always";
 RestartSec = "5";
 DynamicUser = !pipeline.allowSudo;
- User = if pipeline.allowSudo then "redpanda-connect-sudo" else null;
+ User = if pipeline.allowSudo then "root" else null;
 };
 };
 }) cfg.pipelines
 );
- security.polkit.extraConfig = builtins.concatStringsSep "\n" (
- builtins.map (value: ''
- polkit.addRule(function(action, subject) {
- if (action.id == "org.freedesktop.systemd1.manage-units" &&
- action.lookup("unit") == "redpanda-connect-${value.name}") {
- return polkit.Result.YES;
- }
- });
- '') sudoEnabledServices
- );
+ #security.polkit.extraConfig = builtins.concatStringsSep "\n" (
+ # builtins.map (value: ''
+ # polkit.addRule(function(action, subject) {
+ # if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ # action.lookup("unit") == "redpanda-connect-${value.name}") {
+ # return polkit.Result.YES;
+ # }
+ # });
+ # '') sudoEnabledServices
+ #);
- users.users.redpanda-connect-sudo = {
- isSystemUser = true;
- description = "Redpanda Connect sudo user";
- createHome = false;
- shell = "/run/current-system/sw/bin/nologin";
- group = "nogroup"; # We don't need a group...
- };
+ #users.users.redpanda-connect-sudo = {
+ # isSystemUser = true;
+ # description = "Redpanda Connect sudo user";
+ # createHome = false;
+ # shell = "/run/current-system/sw/bin/nologin";
+ # group = "nogroup"; # We don't need a group...
+ #};
 }
 );
 }
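Review bot: On the new `User = if pipeline.allowSudo then "root" else null;` line, every `allowSudo` pipeline now runs as full root with `DynamicUser` off, and nothing in this hunk restricts what that root process can reach. The serviceConfig block starts outside the hunk, so hardening may already exist there; if it does not, I would bound the unit next to `User`, e.g. `NoNewPrivileges = true;`, `ProtectHome = true;` and `CapabilityBoundingSet = [ <capabilities the pipeline needs> ];`, or keep a dedicated account and grant it only the specific privileged action. The commented-out polkit and `users.users` blocks should be deleted rather than kept as dead code, since git history retains them. `sudoEnabledServices` also looks unused after this change, though its definition is outside the hunk, so that should be checked.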