From 1a931b76bdc442404de4f5278210927238dbf73f Mon Sep 17 00:00:00 2001
From: jasmine <its.jassy@pm.me>
Date: Sat, 20 Dec 2025 19:33:59 +0800
Subject: [PATCH] refactor(viridian): improve remote deployment security

- Remove passwordless sudo for wheel group
- Update deploy command to use -S flag for sudo password prompt
- Maintain secure remote access while enabling deployments
---
 justfile                         | 3 +--
 nixos/viridian/configuration.nix | 3 ---
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/justfile b/justfile
index 2d134f6..5503003 100644
--- a/justfile
+++ b/justfile
@@ -8,5 +8,4 @@ switch *ARGS:
   sudo nixos-rebuild switch --flake .#{{ARGS}}
 
 deploy *ARGS:
-  nixos-rebuild switch --flake .#{{ARGS}} --target-host {{ARGS}} --use-remote-sudo
-
+  nixos-rebuild switch -S --flake .#{{ARGS}} --target-host {{ARGS}}
diff --git a/nixos/viridian/configuration.nix b/nixos/viridian/configuration.nix
index ca7138c..37d1131 100644
--- a/nixos/viridian/configuration.nix
+++ b/nixos/viridian/configuration.nix
@@ -49,9 +49,6 @@
     oci-containers.backend = "docker";
   };
 
-  # Required for smooth remote deployments
-  security.sudo.wheelNeedsPassword = false;
-
   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
   system.stateVersion = "24.05";
 }