From 7611e586c8b03c32b866449013b39abbd797d015 Mon Sep 17 00:00:00 2001
From: Corwin Perren <caperren@gmail.com>
Date: Sun, 7 Dec 2025 20:54:39 -0800
Subject: [PATCH] Just make auto-rebuild passwordless for the cluster-admin

---
 .../system-utilities-cluster.nix                   |  1 -
 modules/system/security.nix                        | 14 +++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules/application-groups/system-utilities-cluster.nix b/modules/application-groups/system-utilities-cluster.nix
index 06c94d9..728ba64 100644
--- a/modules/application-groups/system-utilities-cluster.nix
+++ b/modules/application-groups/system-utilities-cluster.nix
@@ -22,6 +22,5 @@
     usbutils
     util-linux
     wget
-    firefox
   ];
 }
diff --git a/modules/system/security.nix b/modules/system/security.nix
index ccec4d3..ddee4ca 100644
--- a/modules/system/security.nix
+++ b/modules/system/security.nix
@@ -14,12 +14,17 @@
             command = "${pkgs.systemd}/bin/poweroff";
             options = [ "NOPASSWD" ];
           }
+        ];
+      }
+      {
+        users = [ "cluster-admin" ];
+        commands = [
           {
-            command = "${pkgs.systemd}/bin/systemctl start git-auto-rebuild";
+            command = "${pkgs.systemd}/bin/systemctl start git-auto-rebuild.service";
             options = [ "NOPASSWD" ];
           }
           {
-            command = "${pkgs.systemd}/bin/systemctl stop git-auto-rebuild";
+            command = "${pkgs.systemd}/bin/systemctl stop git-auto-rebuild.service";
             options = [ "NOPASSWD" ];
           }
 
@@ -30,7 +35,10 @@
         commands = [
           {
             command = "${pkgs.nvtopPackages.full}/bin/nvtop";
-            options = [ "NOPASSWD" "SETENV" ];
+            options = [
+              "NOPASSWD"
+              "SETENV"
+            ];
           }
         ];