modules/nixos: `sudo` -> `run0`

author: Seth Flynn <[email protected]> 2025-02-13 23:58:06 -0500
committer: Seth Flynn <[email protected]> 2025-02-13 23:58:06 -0500
commit: c1bea770122a7cf2dea5113387265f59010d5a7f (patch)
tree: fbad53d24b463e10b18c72a5016b8e4b3a9e23ac /modules/nixos/defaults/security.nix
parent: b890a5c57b0b4844455d8795fd057e81fa3f2ea2 (diff)
1 files changed, 14 insertions, 2 deletions
diff --git a/modules/nixos/defaults/security.nix b/modules/nixos/defaults/security.nix
index 65ce729..8d7d879 100644
--- a/modules/nixos/defaults/security.nix
+++ b/modules/nixos/defaults/security.nix
@@ -1,12 +1,24 @@
-# Much of this is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
 { lib, ... }:
+
+# Much of this is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
 {
   security = {
     apparmor.enable = lib.mkDefault true;
     audit.enable = lib.mkDefault true;
     auditd.enable = lib.mkDefault true;
+
+    pam.services = {
+      # Fix `run0`
+      # TODO: Upstream?
+      systemd-run0 = {
+        startSession = true;
+        setEnvironment = true;
+      };
+    };
+
     polkit.enable = true;
-    sudo.execWheelOnly = true;
+
+    sudo.enable = false;
   };
 
   services.dbus.apparmor = lib.mkDefault "enabled";
author	Seth Flynn <[email protected]>	2025-02-13 23:58:06 -0500
committer	Seth Flynn <[email protected]>	2025-02-13 23:58:06 -0500
commit	c1bea770122a7cf2dea5113387265f59010d5a7f (patch)
tree	fbad53d24b463e10b18c72a5016b8e4b3a9e23ac /modules/nixos/defaults/security.nix
parent	b890a5c57b0b4844455d8795fd057e81fa3f2ea2 (diff)