| author | Fuwn <[email protected]> | 2024-10-01 06:02:50 -0700 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2024-10-01 06:02:50 -0700 |
| commit | fcddd3ba06088e235243d41395e40fd9e0107a76 (patch) | |
| tree | 8b4fabd85315ec93a09842a2123a2e6e16583c75 /modules/pc/security/sudo.nix | |
| parent | modules: move shared i18n to pc (diff) | |
modules: move shared pc modules from desktop to pc
Diffstat (limited to 'modules/pc/security/sudo.nix')
| -rw-r--r-- | modules/pc/security/sudo.nix | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/modules/pc/security/sudo.nix b/modules/pc/security/sudo.nix
new file mode 100644
index 0000000..6623b71
--- /dev/null
+++ b/modules/pc/security/sudo.nix
@@ -0,0 +1,75 @@
+{ pkgs, lib, ... }:
+let
+ inherit (lib.modules) mkForce;
+in
+{
+ security = {
+ sudo-rs.enable = mkForce false;
+
+ sudo = {
+ enable = true;
+ execWheelOnly = mkForce true;
+ wheelNeedsPassword = lib.modules.mkDefault false;
+
+ extraConfig = ''
+ Defaults lecture = never
+ Defaults pwfeedback
+ Defaults env_keep += "EDITOR PATH DISPLAY"
+ Defaults timestamp_timeout = 300
+ '';
+
+ extraRules = [
+ {
+ groups = [ "wheel" ];
+ commands =
+ map
+ (rule: {
+ command = lib.meta.getExe' rule.package rule.command;
+ options = [ "NOPASSWD" ];
+ })
+ (
+ with pkgs;
+ [
+ {
+ package = coreutils;
+ command = "sync";
+ }
+ {
+ package = hdparm;
+ command = "hdparm";
+ }
+ {
+ package = nixos-rebuild;
+ command = "nixos-rebuild";
+ }
+ {
+ package = nvme-cli;
+ command = "nvme";
+ }
+ {
+ package = systemd;
+ command = "poweroff";
+ }
+ {
+ package = systemd;
+ command = "reboot";
+ }
+ {
+ package = systemd;
+ command = "shutdown";
+ }
+ {
+ package = systemd;
+ command = "systemctl";
+ }
+ {
+ package = util-linux;
+ command = "dmesg";
+ }
+ ]
+ );
+ }
+ ];
+ };
+ };
+}
|
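Review bot: `wheelNeedsPassword = lib.modules.mkDefault false` already lets every wheel member run any command without a password, so the `NOPASSWD` list in `extraRules` restricts nothing unless a host overrides that default. On a host that does override it, the list still contains `systemctl` and `nixos-rebuild`, each of which is general enough to amount to unrestricted root, so the password prompt would protect little there. I would default to `wheelNeedsPassword = lib.modules.mkDefault true;` and either drop those two entries or pin them to the specific invocations that are needed, with a comment above the list saying why each command is exempt. Two smaller points in `extraConfig`: sudoers counts `timestamp_timeout` in minutes, so `300` caches credentials for five hours (use `5` if five minutes was meant), and keeping the caller's `PATH` through `env_keep` lets the invoking user's environment decide which binaries a privileged process resolves unless `secure_path` is set elsewhere.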