authorseth <[email protected]>2023-03-13 18:49:13 -0400
committerseth <[email protected]>2023-03-13 18:49:13 -0400
commitbf1c00cbaf3a72d00d8685b8c855fcc4c44dd482 (patch)
tree640bcdd8d257ff268ec00a836604639b2a4e858f
parent1d2120eb34c279825d8145a6df5047ff577d7005 (diff)
update security settings
-rw-r--r--profiles/nixos/security.nix22
-rw-r--r--users/seth/default.nix1
2 files changed, 8 insertions, 15 deletions
diff --git a/profiles/nixos/security.nix b/profiles/nixos/security.nix
index 7ad0069..4e7303a 100644
--- a/profiles/nixos/security.nix
+++ b/profiles/nixos/security.nix
@@ -7,26 +7,18 @@
apparmor.enable = lib.mkDefault true;
audit.enable = lib.mkDefault true;
auditd.enable = lib.mkDefault true;
- rtkit.enable = true;
- sudo = {
- execWheelOnly = true;
- extraRules = [
- {
- users = ["root"];
- groups = ["root"];
- commands = ["ALL"];
- }
- {
- users = ["seth"];
- commands = ["ALL"];
- }
- ];
- };
polkit.enable = true;
+ rtkit.enable = true;
+ sudo.execWheelOnly = true;
};
users = {
defaultUserShell = pkgs.bash;
mutableUsers = false;
};
+
+ nix.settings = {
+ allowed-users = ["root" "@wheel"];
+ trusted-users = ["root"];
+ };
}
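Review bot: Dropping the explicit `seth` entry from `sudo.extraRules` leaves seth's sudo access resting on wheel membership alone, and with `sudo.execWheelOnly = true` the sudo binary is not executable by anyone outside that group. Membership is not visible in this diff, so confirm that `users.users.seth.extraGroups` contains `"wheel"` before deploying; with `mutableUsers = false`, a group change made by hand on the machine will not persist. The new `allowed-users` list also cuts every non-wheel account off from the Nix daemon, which deserves a comment such as `# only root and wheel may talk to nix-daemon; add service accounts here if they need nix`.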
diff --git a/users/seth/default.nix b/users/seth/default.nix
index 93368d9..452f058 100644
--- a/users/seth/default.nix
+++ b/users/seth/default.nix
@@ -12,6 +12,7 @@
};
programs.fish.enable = true;
+ nix.settings.trusted-users = ["seth"];
home-manager.users.seth = let
inherit (config.nixpkgs) overlays;
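Review bot: `nix.settings.trusted-users = ["seth"]` makes seth effectively root-equivalent through the Nix daemon, and unlike sudo it asks for no password, so any process running as seth inherits that trust. Because list options merge across modules, this value is combined with the `["root"]` set in profiles/nixos/security.nix in the same commit, so the profile's restriction does not hold on hosts that import this user. If the trust is only needed occasionally, drop the line and run those operations through sudo. Otherwise state the trade-off next to it, e.g. `# seth is a trusted Nix user: root-equivalent via nix-daemon, no password prompt`. The enclosing module body starts and ends outside the hunk.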