From 128209e4aa8927b7514bcfd2acaf097ac0d59310 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Mon, 12 Jan 2026 09:55:01 -0600
Subject: [PATCH] Enable passwordless wheel sudo and add /run/openbao and
 /run/secrets

---
 hosts/juni/flake.nix        | 2 ++
 hosts/juni/impermanence.nix | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/hosts/juni/flake.nix b/hosts/juni/flake.nix
index 1a5e3e20..b2ef8c17 100644
--- a/hosts/juni/flake.nix
+++ b/hosts/juni/flake.nix
@@ -278,6 +278,8 @@
                     ];
                   };
 
+                  security.sudo.wheelNeedsPassword = false;
+
                   # System configuration
                   system.stateVersion = stateVersion;
                   networking.hostName = configuration_name;
diff --git a/hosts/juni/impermanence.nix b/hosts/juni/impermanence.nix
index 58ee7967..04059801 100644
--- a/hosts/juni/impermanence.nix
+++ b/hosts/juni/impermanence.nix
@@ -24,6 +24,10 @@
       "/var/lib/upower"
 
       "/var/lib/flatpak"
+
+      # bao secrets
+      "/run/openbao"
+      "/run/secrets"
     ];
     files = [
       "/machine-key.json"