AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove sudo

Browse Source
This commit is contained in:
Dmitriy Kholkin 2024-11-18 03:11:53 +03:00
parent fa50e20da4
commit a392b7383e
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
2 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
flake.nix
View File

@ -235,6 +235,7 @@
profiles.system = { profiles.system = {
sshUser = "deploy"; sshUser = "deploy";
user = "root"; user = "root";
sudo = "doas -u";
fastConnection = true; fastConnection = true;
remoteBuild = false; remoteBuild = false;
path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${name}; path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${name};

16
profiles/security/vlock.nix
View File

@ -1,21 +1,15 @@
{ config, lib, ... }: { { config, lib, ... }: {
# FIXME: completely remove sudo security.sudo.enable = lib.mkForce false;
security.sudo = {
enable = true;
extraRules = [{
users = [ "deploy" ];
commands = [{
command = "ALL";
options = [ "NOPASSWD" ];
}];
}];
};
security.doas = { security.doas = {
enable = true; enable = true;
extraRules = [{ extraRules = [{
users = [ config.mainuser ]; users = [ config.mainuser ];
keepEnv = true; keepEnv = true;
persist = true; persist = true;
} {
users = [ "deploy" ];
noPass = true;
keepEnv = true;
}] ++ lib.optionals config.deviceSpecific.isLaptop [{ }] ++ lib.optionals config.deviceSpecific.isLaptop [{
users = [ config.mainuser ]; users = [ config.mainuser ];
noPass = true; noPass = true;