remove sudo

2024-11-18 03:11:53 +03:00 · 2024-11-18 03:11:53 +03:00 · a392b7383e
commit a392b7383e
parent fa50e20da4
2 changed files with 6 additions and 11 deletions
--- a/flake.nix
+++ b/flake.nix
@ -235,6 +235,7 @@
                profiles.system = {
                  sshUser = "deploy";
                  user = "root";
+                  sudo = "doas -u";
                  fastConnection = true;
                  remoteBuild = false;
                  path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${name};
--- a/profiles/security/vlock.nix
+++ b/profiles/security/vlock.nix
@ -1,21 +1,15 @@
 { config, lib, ... }: {
-  # FIXME: completely remove sudo
-  security.sudo = {
-    enable = true;
-    extraRules = [{
-      users = [ "deploy" ];
-      commands = [{
-        command = "ALL";
-        options = [ "NOPASSWD" ];
-      }];
-    }];
-  };
+  security.sudo.enable = lib.mkForce false;
  security.doas = {
    enable = true;
    extraRules = [{
      users = [ config.mainuser ];
      keepEnv = true;
      persist = true;
+    } {
+      users = [ "deploy" ];
+      noPass = true;
+      keepEnv = true;
    }] ++ lib.optionals config.deviceSpecific.isLaptop [{
      users = [ config.mainuser ];
      noPass = true;