From 9e2fd423bd690a538b6c2748bc45000b841406e6 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Mon, 12 Oct 2020 22:46:55 +0200
Subject: [PATCH] browser configure sudo

---
 modules/programs/browser.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/modules/programs/browser.nix b/modules/programs/browser.nix
index 181226c..910d7a5 100644
--- a/modules/programs/browser.nix
+++ b/modules/programs/browser.nix
@@ -203,9 +203,15 @@ in {
     # add sudo rights
     security.sudo.extraConfig = let
       extraRules = flip mapAttrsToList cfg.configList (name: values:
-        concatStringsSep "\n"
-        (map (sudoUser: "${sudoUser} ALL=(${values.user}) NOPASSWD: ALL")
-          values.sudoUsers));
+        concatStringsSep "" (map (sudoUser: ''
+          # sudo configuration to control browser
+          ${sudoUser} ALL=(${values.user}) NOPASSWD: ALL
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/mkdir -p ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/chown -R ${values.user}\:users ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/killall -9 -u ${name}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -rf ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm ${values.home}-lock
+        '') values.sudoUsers));
     in lib.concatStringsSep "\n" extraRules;
 
     # create users