Alternative to sudo

[infinisil]

As @cole-h pointed out here, there are other ways than sudo to get root access, such as doas. Nixus should not hardcode this to sudo.

Nixops supports other ways via a privilegeEscalationCommand option, we could mirror that.

[cole-h]

(That's the wrong doas -- Nixpkgs contains https://github.com/Duncaen/OpenDoas)

[infinisil]

Ah thanks! Corrected now

[bqv]

Alternatively, since we depend on SSH anyway, why not have a special SSH route/user/command/hatch

[cole-h]

Some deployments disallow SSH root logins (PermitRootLogin=no), unless there's another system in place for this sort of privilege escalation that I'm overlooking.

[bqv]

Well, since nixus is good with ssh keys anyway, I feel like catering for "without-password" machines wouldn't be terrible

[cole-h]

It would be a nice addition indeed, but it should not be seen as a substitute for doas or sudo. I disable SSH root logins for my machines, period. I wouldn't change this just to be able to use nixus.

My takeaway is that both

1. sudo alternatives
2. SSH root logins

should be supported, and not only one or the other.

[infinisil]

Now addressed with above PR. And SSH root login already worked :)