feat(sudo): add sane rules

2026-05-28 10:24:22 +02:00
parent 38d8c0118f
commit 5e794db02a
+34 -1
@@ -1,9 +1,42 @@
{ currentSystemUser, ... }: { currentSystemUser, ... }:
let
swBin = "/run/current-system/sw/bin";
wrappersBin = "/run/wrappers/bin";
in
{ {
security.sudo.extraConfig = '' security.sudo = {
extraConfig = ''
Defaults pwfeedback Defaults pwfeedback
Defaults timestamp_timeout=120 Defaults timestamp_timeout=120
''; '';
extraRules = [
{
groups = [ "wheel" ];
commands = [
{
command = "${swBin}/shutdown";
options = [ "NOPASSWD" ];
}
{
command = "${swBin}/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${swBin}/poweroff";
options = [ "NOPASSWD" ];
}
{
command = "${wrappersBin}/mount";
options = [ "NOPASSWD" ];
}
{
command = "${wrappersBin}/umount";
options = [ "NOPASSWD" ];
}
];
}
];
};
sops = { sops = {
age.sshKeyPaths = [ age.sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key"
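Review bot: The two `NOPASSWD` entries for `${wrappersBin}/mount` and `${wrappersBin}/umount` give no argument list, and a sudoers command without arguments matches any arguments, so every member of `wheel` can run `mount` as root with arbitrary sources, targets and options without a password. That is far broader than the shutdown/reboot/poweroff entries beside them, because control over what is mounted where removes the password as a barrier between a wheel user's session and root. Either drop these two entries and allow specific mounts through `fileSystems.<name>.options = [ "user" "noauto" ]`, or pin each rule to an exact invocation such as `command = "${wrappersBin}/mount /mnt/example";` (constructed path). A one-line comment above `extraRules` stating why each command is passwordless would also help later review.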