nixos-config/profiles/security/vlock.nix

{ config, pkgs, lib, ... }: {
  # FIXME: completely remove sudo
  security.sudo = {
    enable = true;
    extraRules = [{
      users = [ config.mainuser ];
      commands = [{
        command = "/run/current-system/sw/bin/nixos-rebuild";
        options = [ "SETENV" "NOPASSWD" ];
      } {
        command = "/run/current-system/sw/bin/nix";
        options = [ "SETENV" "NOPASSWD" ];
      } {
        command = "/run/current-system/sw/bin/nix-shell";
        options = [ "SETENV" "NOPASSWD" ];
      } {
        command = "/run/current-system/sw/bin/extra-container";
        options = [ "SETENV" "NOPASSWD" ];
      } {
        command = "/run/current-system/sw/bin/chown ${config.mainuser} /tmp/.X11-unix";
        options = [ "SETENV" "NOPASSWD" ];
      }
      ];
    }];
  };
  security.doas = {
    enable = true;
    extraRules = [{
      users = [ config.mainuser ];
      keepEnv = true;
      persist = true;
    } {
      users = [ config.mainuser ];
      noPass = true;
      keepEnv = true;
      cmd = "/run/current-system/sw/bin/btrfs";
      args = [ "fi" "usage" "/" ];
    }] ++ lib.optionals config.deviceSpecific.isLaptop [{
      users = [ config.mainuser ];
      noPass = true;
      keepEnv = true;
      cmd = "/run/current-system/sw/bin/tlp";
    } {
      users = [ config.mainuser ];
      noPass = true;
      keepEnv = true;
      cmd = "/run/current-system/sw/bin/tlp-stat";
    }];
  };
}
move modules to flake.nix and split security 2023-03-27 15:48:23 +03:00			`{ config, pkgs, lib, ... }: {`
various updates 2023-01-26 00:23:55 +03:00			`# FIXME: completely remove sudo`
Too many changes 2019-09-14 22:12:56 +04:00			`security.sudo = {`
			`enable = true;`
use doas instead of sudo 2022-12-07 22:13:34 +03:00			`extraRules = [{`
use users module 2022-12-10 22:34:39 +03:00			`users = [ config.mainuser ];`
use doas instead of sudo 2022-12-07 22:13:34 +03:00			`commands = [{`
			`command = "/run/current-system/sw/bin/nixos-rebuild";`
			`options = [ "SETENV" "NOPASSWD" ];`
			`} {`
			`command = "/run/current-system/sw/bin/nix";`
			`options = [ "SETENV" "NOPASSWD" ];`
			`} {`
			`command = "/run/current-system/sw/bin/nix-shell";`
			`options = [ "SETENV" "NOPASSWD" ];`
update 2023-02-14 07:04:20 +03:00			`} {`
			`command = "/run/current-system/sw/bin/extra-container";`
			`options = [ "SETENV" "NOPASSWD" ];`
			`} {`
			`command = "/run/current-system/sw/bin/chown ${config.mainuser} /tmp/.X11-unix";`
			`options = [ "SETENV" "NOPASSWD" ];`
various updates 2023-01-26 00:23:55 +03:00			`}`
			`];`
use doas instead of sudo 2022-12-07 22:13:34 +03:00			`}];`
Too many changes 2019-09-14 22:12:56 +04:00			`};`
use doas instead of sudo 2022-12-07 22:13:34 +03:00			`security.doas = {`
			`enable = true;`
			`extraRules = [{`
use users module 2022-12-10 22:34:39 +03:00			`users = [ config.mainuser ];`
use doas instead of sudo 2022-12-07 22:13:34 +03:00			`keepEnv = true;`
			`persist = true;`
			`} {`
use users module 2022-12-10 22:34:39 +03:00			`users = [ config.mainuser ];`
use doas instead of sudo 2022-12-07 22:13:34 +03:00			`noPass = true;`
			`keepEnv = true;`
			`cmd = "/run/current-system/sw/bin/btrfs";`
			`args = [ "fi" "usage" "/" ];`
move modules to flake.nix and split security 2023-03-27 15:48:23 +03:00			`}] ++ lib.optionals config.deviceSpecific.isLaptop [{`
use users module 2022-12-10 22:34:39 +03:00			`users = [ config.mainuser ];`
use doas instead of sudo 2022-12-07 22:13:34 +03:00			`noPass = true;`
			`keepEnv = true;`
			`cmd = "/run/current-system/sw/bin/tlp";`
			`} {`
use users module 2022-12-10 22:34:39 +03:00			`users = [ config.mainuser ];`
use doas instead of sudo 2022-12-07 22:13:34 +03:00			`noPass = true;`
			`keepEnv = true;`
			`cmd = "/run/current-system/sw/bin/tlp-stat";`
			`}];`
some changes in theme module 2021-09-16 01:03:52 +03:00			`};`
move modules to flake.nix and split security 2023-03-27 15:48:23 +03:00			`}`