glados-wsl: enable sudo

2 files changed, 11 insertions, 4 deletions

diff --git a/modules/nixos/defaults/security.nix b/modules/nixos/defaults/security.nix
index 8d7d879..a7c79ea 100644
--- a/modules/nixos/defaults/security.nix
+++ b/modules/nixos/defaults/security.nix
@@ -18,7 +18,10 @@
 
     polkit.enable = true;
 
-    sudo.enable = false;
+    sudo = {
+      enable = lib.mkDefault false;
+      execWheelOnly = true;
+    };
   };
 
   services.dbus.apparmor = lib.mkDefault "enabled";
diff --git a/systems/glados-wsl/default.nix b/systems/glados-wsl/default.nix
index 6a9cbba..9ca63ed 100644
--- a/systems/glados-wsl/default.nix
+++ b/systems/glados-wsl/default.nix
@@ -32,9 +32,13 @@
 
   nixpkgs.hostPlatform = "x86_64-linux";
 
-  # Something, something `resolv.conf` error
-  # (nixos-wsl probably doesn't set it)
-  security.apparmor.enable = false;
+  security = {
+    # Something, something `resolv.conf` error
+    # (nixos-wsl probably doesn't set it)
+    apparmor.enable = false;
+    # `run0` fails with `Failed to start transient service unit: Interactive authentication required.`
+    sudo.enable = true;
+  };
 
   services = {
     resolved.enable = false;