From b673b76f41a1f48c38acb9b67657e097e5b8a61f Mon Sep 17 00:00:00 2001
From: seth <getchoo@tuta.io>
Date: Fri, 2 Dec 2022 02:12:40 -0500
Subject: now *most* things work :p

---
 hosts/common/security.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 hosts/common/security.nix

(limited to 'hosts/common/security.nix')

diff --git a/hosts/common/security.nix b/hosts/common/security.nix
new file mode 100644
index 0000000..debd6b7
--- /dev/null
+++ b/hosts/common/security.nix
@@ -0,0 +1,17 @@
+{ lib, config, ... }:
+
+with builtins; with lib;
+{
+	security.sudo = {
+		configFile = ''
+			Defaults	env_reset
+			Defaults	secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
+			Defaults	editor = /run/current-system/sw/bin/vim,!env_editor
+		'';
+		execWheelOnly = true;
+		extraRules = [
+			{ users = [ "root" ]; groups = [ "root" ]; commands = [ "ALL" ]; }
+			{ users = [ "seth" ]; commands = [ "ALL" ]; }
+		];
+	};
+}
-- 
cgit v1.2.3