From f6db232ca752dda1b2f24735ac3c7e1c585d051f Mon Sep 17 00:00:00 2001
From: Jonas Juselius <jonas.juselius@tromso.serit.no>
Date: Sun, 28 Sep 2025 12:30:56 +0200
Subject: [PATCH] fix: move sudo settings from hpc module to actual nodes

---
 ekman/fs-work/default.nix | 8 ++++++--
 ekman/login/default.nix   | 8 +++++---
 modules/hpc/hpc.nix       | 4 ----
 rossby/login/default.nix  | 8 +++++---
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/ekman/fs-work/default.nix b/ekman/fs-work/default.nix
index 168ddbb..7795137 100644
--- a/ekman/fs-work/default.nix
+++ b/ekman/fs-work/default.nix
@@ -25,6 +25,10 @@ in {
     # services.udev.extraRules = ''
     #     KERNEL=="ibp65s0", SUBSYSTEM=="net", ATTR{create_child}:="0x7666"
     # '';
+    security.sudo.extraConfig = ''
+      %sif ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
+      %admin ALL=(admin) NOPASSWD: ALL
+    '';
 
     environment.systemPackages = with pkgs; [
         rdma-core
@@ -40,9 +44,9 @@ in {
         users = true;
         opt = true;
         work = false;
-        data = false;
+        data = true;
+        ceph = true;
         backup = false;
-        ceph = false;
       };
     };
 
diff --git a/ekman/login/default.nix b/ekman/login/default.nix
index 3a0545d..3d8e56c 100644
--- a/ekman/login/default.nix
+++ b/ekman/login/default.nix
@@ -283,9 +283,11 @@ in
     #   };
     # };
 
-    # security.sudo.extraConfig = ''
-    #   gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
-    # '';
+    security.sudo.extraConfig = ''
+      %sif ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
+      %admin ALL=(admin) NOPASSWD: ALL
+      # gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
+    '';
 
     security.pam = {
       services.sshd.googleAuthenticator.enable = true;
diff --git a/modules/hpc/hpc.nix b/modules/hpc/hpc.nix
index 28425ed..0fee95c 100644
--- a/modules/hpc/hpc.nix
+++ b/modules/hpc/hpc.nix
@@ -82,10 +82,6 @@ let
       turbovnc
       emacs
     ];
-    security.sudo.extraConfig = ''
-      %sif ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
-      %admin ALL=(admin) NOPASSWD: ALL
-    '';
   };
 
   compute = {
diff --git a/rossby/login/default.nix b/rossby/login/default.nix
index c2178c8..ff78c01 100644
--- a/rossby/login/default.nix
+++ b/rossby/login/default.nix
@@ -278,9 +278,11 @@ in
     #   };
     # };
 
-    # security.sudo.extraConfig = ''
-    #   gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
-    # '';
+    security.sudo.extraConfig = ''
+      %sif ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
+      %admin ALL=(admin) NOPASSWD: ALL
+      # gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
+    '';
 
     security.pam = {
       services.sshd.googleAuthenticator.enable = true;