From 2f7256226ed903dc7032df274bb25dd578544645 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Fri, 4 Feb 2022 15:55:06 -0500
Subject: [PATCH 1/2] nopass
---
 hosts/hetzner/ax101.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts/hetzner/ax101.nix b/hosts/hetzner/ax101.nix
index 7f951e3..11bce06 100644
--- a/hosts/hetzner/ax101.nix
+++ b/hosts/hetzner/ax101.nix
@@ -119,6 +119,7 @@
 isNormalUser = true;
 extraGroups = [ "wheel" "networkmanager" ];
 };
+ security.sudo.wheelNeedsPassword = false;
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
From 2c6d0b42ee1a878e0077c5b02274113fb15693d6 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Sun, 6 Feb 2022 12:57:34 -0500
Subject: [PATCH 2/2] remove hercules container
---
 containers/hercules.nix | 38 --------------------------------------
 hosts/thick.nix | 1 -
 2 files changed, 39 deletions(-)
 delete mode 100644 containers/hercules.nix
diff --git a/containers/hercules.nix b/containers/hercules.nix
deleted file mode 100644
index 027427a..0000000
--- a/containers/hercules.nix
+++ /dev/null
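Review bot: The added `security.sudo.wheelNeedsPassword = false;` in hosts/hetzner/ax101.nix removes the password prompt for every account in `wheel`, and the context lines just above it put a normal user in that group, so a compromise of that user's session or SSH key becomes root on this host with no further barrier. The commit message ("nopass") gives no rationale; if the goal is unattended deploys, a narrower `security.sudo.extraRules` entry with `options = [ "NOPASSWD" ]` for the specific user and commands would keep the prompt for everything else. If the blanket setting stays, I would add a comment such as `# Passwordless sudo for wheel: SSH is key-only on this host; revisit if more users join wheel` and confirm that password-based SSH login is actually disabled, which this hunk does not show. The user attribute set is opened above the hunk, so the nesting of the new line cannot be checked from here.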
@@ -1,38 +0,0 @@
-{ config, pkgs, lib, inputs, ... }:
-
-# A separate container to run Hercules effects
-# https://docs.hercules-ci.com/hercules-ci/effects/
-#
-# TODO: Prevent access to local network, while allowing internet access
-{
- nix.binaryCachePublicKeys = [
- "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
- ];
- nix.binaryCaches = [
- "https://hercules-ci.cachix.org"
- ];
-
- # FIXME: User id of `hercules-ci-agent` won't match that of guest, so we do
- # this. But it compromises security. See
- # https://github.com/hercules-ci/hercules-ci-agent/issues/345#issuecomment-986329977
- #
- # TODO: Find a way to resolve this.
- nix.allowedUsers = [ "*" ];
- nix.trustedUsers = [ "*" ];
-
- containers.hercules = {
- ephemeral = false;
- autoStart = true;
- config = { config, pkgs, ... }: {
- imports = [
- inputs.hercules-ci-agent.nixosModules.agent-service
- ];
- services.hercules-ci-agent.enable = true;
- services.hercules-ci-agent.settings.concurrentTasks = 4;
- nix.allowedUsers = [ "*" ];
- nix.trustedUsers = [ "*" ];
-
- networking.firewall.allowedTCPPorts = [ ];
- };
- };
-}
diff --git a/hosts/thick.nix b/hosts/thick.nix
index 57525c7..13f6e50 100644
--- a/hosts/thick.nix
+++ b/hosts/thick.nix
@@ -4,7 +4,6 @@
 imports = [
 (modulesPath + "/installer/scan/not-detected.nix")
- (../containers/hercules.nix)
 ];
 boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];