author Maxim Cournoyer <maxim.cournoyer@gmail.com> 2020-03-17 22:10:40 -0400
committer Maxim Cournoyer <maxim.cournoyer@gmail.com> 2020-03-17 23:01:07 -0400
commit f6b950319cb41822e2b3f1b55357037da433e1df
tree cc8afa374809a46044b36c58bb09d19e5060b556 /doc/guix.texi
parent ce9fc7e8ab821d12977bdf4ca9bff3e20eb16c07
gnu: system: Export %sudoers-specification.
Exporting this variable allows reusing the default value of the `sudoers-file' field when configuring it.

* gnu/system.scm (gnu): Export %sudoers-specification.
* doc/guix.texi (Invoking guix deploy): Document an example, to use with 'guix deploy'.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r-- doc/guix.texi 24
1 files changed, 22 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index a0920adc1c..086b1d9751 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -26996,8 +26996,28 @@ login over SSH may be forbidden in some cases. To work around this,
@command{guix deploy} can log in as an unprivileged user and employ
@code{sudo} to escalate privileges. This will only work if @code{sudo} is
currently installed on the remote and can be invoked non-interactively as
-@code{user}. That is: the line in @code{sudoers} granting @code{user} the
-ability to use @code{sudo} must contain the @code{NOPASSWD} tag.
+@code{user}. That is, the line in @code{sudoers} granting @code{user} the
+ability to use @code{sudo} must contain the @code{NOPASSWD} tag. This can
+be accomplished with the following operating system configuration snippet:
+
+@lisp
+(use-modules ...
+ (gnu system) ;for %sudoers-specification))
+
+(define %user "username")
+
+(operating-system
+ ...
+ (sudoers-file
+ (plain-file "sudoers"
+ (string-append (plain-file-content %sudoers-specification)
+ (format #f "~a ALL = NOPASSWD: ALL~%"
+ %username)))))
+
+@end lisp
+
+For more information regarding the format of the @file{sudoers} file,
+consult @command{man sudoers}.
@deftp {Data Type} machine
This is the data type representing a single machine in a heterogeneous Guix
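Review bot: The example in the added @lisp block defines `%user` but the `format` call passes `%username`, which is never bound, so the snippet fails when copied as written; use the same name in both places. In the `use-modules` form the closing parentheses sit after `;for %sudoers-specification`, so they are part of the comment and the form is never closed; put the closing `)` before the semicolon. Because `~a ALL = NOPASSWD: ALL` gives the account unrestricted passwordless root, the paragraph should say that this makes the account root-equivalent for anyone who can log in as it, so readers apply it to an account used only for deployment. The blank line before `@end lisp` can also be dropped.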