diff options
Diffstat (limited to 'hosts/common/security.nix')
| -rw-r--r-- | hosts/common/security.nix | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/hosts/common/security.nix b/hosts/common/security.nix new file mode 100644 index 0000000..debd6b7 --- /dev/null +++ b/hosts/common/security.nix @@ -0,0 +1,17 @@ +{ lib, config, ... }: + +with builtins; with lib; +{ + security.sudo = { + configFile = '' + Defaults env_reset + Defaults secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin + Defaults editor = /run/current-system/sw/bin/vim,!env_editor + ''; + execWheelOnly = true; + extraRules = [ + { users = [ "root" ]; groups = [ "root" ]; commands = [ "ALL" ]; } + { users = [ "seth" ]; commands = [ "ALL" ]; } + ]; + }; +} |