# NixOS module: sudo policy for the wheel group.
#
# Selects classic sudo (sudo-rs is forced off), limits execution of the sudo
# binary to wheel, and adds a wheel rule that marks a fixed list of
# maintenance programs as NOPASSWD.
{ pkgs, lib, ... }:
let
  inherit (lib.meta) getExe';
  inherit (lib.modules) mkDefault mkForce;

  # Programs that wheel may run through sudo without a password prompt.
  # No argument restriction is attached, so each entry is allowed with any
  # arguments. NOTE(review): nixos-rebuild and systemctl can both change what
  # runs as root, so passwordless access to them is equivalent to passwordless
  # root for wheel; hdparm and nvme can issue destructive device commands.
  # Confirm every entry is meant to stay passwordless on hosts that turn
  # wheelNeedsPassword back on.
  passwordlessPrograms = [
    { package = pkgs.coreutils; command = "sync"; }
    { package = pkgs.hdparm; command = "hdparm"; }
    { package = pkgs.nixos-rebuild; command = "nixos-rebuild"; }
    { package = pkgs.nvme-cli; command = "nvme"; }
    { package = pkgs.systemd; command = "poweroff"; }
    { package = pkgs.systemd; command = "reboot"; }
    { package = pkgs.systemd; command = "shutdown"; }
    { package = pkgs.systemd; command = "systemctl"; }
    { package = pkgs.util-linux; command = "dmesg"; }
  ];

  # Turn one { package, command } entry into a sudoers command spec. getExe'
  # yields the program's path inside the package, so the rule names that exact
  # binary rather than whatever a bare name would resolve to.
  toNoPasswdRule = entry: {
    command = getExe' entry.package entry.command;
    options = [ "NOPASSWD" ];
  };
in
{
  # Forced off so that classic sudo, configured below, is the implementation in use.
  security.sudo-rs.enable = mkForce false;

  security.sudo = {
    enable = true;

    # Only wheel members may execute the sudo binary; forced so no other
    # module can relax it.
    execWheelOnly = mkForce true;

    # Defined with mkDefault so a host can override it with a plain
    # definition. While it stays false, wheel already runs every command
    # without a password, and the NOPASSWD list in extraRules only has an
    # effect of its own on hosts that set this to true.
    wheelNeedsPassword = mkDefault false;

    # sudoers Defaults, in order:
    #  - lecture = never: no first-use lecture.
    #  - pwfeedback: visual feedback per keystroke at the password prompt,
    #    which shows the password length to anyone watching the screen.
    #  - env_keep: EDITOR, PATH and DISPLAY survive into the sudo environment.
    #    NOTE(review): with the caller's PATH kept, a root-run program that
    #    invokes others by bare name resolves them through that PATH unless
    #    secure_path is set elsewhere; confirm PATH is needed.
    #  - timestamp_timeout: sudoers counts this in minutes, so 300 caches
    #    credentials for five hours. NOTE(review): confirm that 300 seconds
    #    was not what was meant.
    extraConfig = ''
      Defaults lecture = never
      Defaults pwfeedback
      Defaults env_keep += "EDITOR PATH DISPLAY"
      Defaults timestamp_timeout = 300
    '';

    extraRules = [
      {
        groups = [ "wheel" ];
        commands = map toNoPasswdRule passwordlessPrograms;
      }
    ];
  };
}