now *most* things work :p

author: seth <[email protected]> 2022-12-02 02:12:40 -0500
committer: seth <[email protected]> 2022-12-02 02:12:40 -0500
commit: b673b76f41a1f48c38acb9b67657e097e5b8a61f (patch)
tree: fe0090a667d419d6a27544c492d1e911eb6541ff /hosts/common/security.nix
parent: aca5eff381f76bc29f25191efc281ccf50cf0e3e (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/hosts/common/security.nix b/hosts/common/security.nix
new file mode 100644
index 0000000..debd6b7
--- /dev/null
+++ b/hosts/common/security.nix
@@ -0,0 +1,17 @@
+{ lib, config, ... }:
+
+with builtins; with lib;
+{
+	security.sudo = {
+		configFile = ''
+			Defaults	env_reset
+			Defaults	secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+			Defaults	editor = /run/current-system/sw/bin/vim,!env_editor
+		'';
+		execWheelOnly = true;
+		extraRules = [
+			{ users = [ "root" ]; groups = [ "root" ]; commands = [ "ALL" ]; }
+			{ users = [ "seth" ]; commands = [ "ALL" ]; }
+		];
+	};
+}
author	seth <[email protected]>	2022-12-02 02:12:40 -0500
committer	seth <[email protected]>	2022-12-02 02:12:40 -0500
commit	b673b76f41a1f48c38acb9b67657e097e5b8a61f (patch)
tree	fe0090a667d419d6a27544c492d1e911eb6541ff /hosts/common/security.nix
parent	aca5eff381f76bc29f25191efc281ccf50cf0e3e (diff)