From bf1c00cbaf3a72d00d8685b8c855fcc4c44dd482 Mon Sep 17 00:00:00 2001
From: seth
Date: Mon, 13 Mar 2023 18:49:13 -0400
Subject: update security settings
---
 profiles/nixos/security.nix | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)
(limited to 'profiles/nixos/security.nix')
diff --git a/profiles/nixos/security.nix b/profiles/nixos/security.nix
index 7ad0069..4e7303a 100644
--- a/profiles/nixos/security.nix
+++ b/profiles/nixos/security.nix
@@ -7,26 +7,18 @@
 apparmor.enable = lib.mkDefault true;
 audit.enable = lib.mkDefault true;
 auditd.enable = lib.mkDefault true;
- rtkit.enable = true;
- sudo = {
- execWheelOnly = true;
- extraRules = [
- {
- users = ["root"];
- groups = ["root"];
- commands = ["ALL"];
- }
- {
- users = ["seth"];
- commands = ["ALL"];
- }
- ];
- };
 polkit.enable = true;
+ rtkit.enable = true;
+ sudo.execWheelOnly = true;
 };
 users = {
 defaultUserShell = pkgs.bash;
 mutableUsers = false;
 };
+
+ nix.settings = {
+ allowed-users = ["root" "@wheel"];
+ trusted-users = ["root"];
+ };
 }
-- 
cgit v1.2.3
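Review bot: In the added `nix.settings` block, `trusted-users = ["root"];` restates the option's default and, as a list option defined at normal priority, is concatenated with any definition another module or host adds, so it does not actually pin the trusted set. If the intent is to keep daemon-trusted (effectively root-equivalent) access limited to root, `trusted-users = lib.mkForce ["root"];` would enforce that, and the same reasoning applies to `allowed-users`. Separately, with the explicit `seth` sudo rule removed while `sudo.execWheelOnly = true` and `mutableUsers = false` are in effect, both sudo and Nix daemon access now depend on `wheel` membership that this hunk does not show. That membership is presumably declared in another profile, but it is worth confirming the user's `extraGroups` includes `wheel` before deploying, and a short comment such as `# sudo and nix daemon access are both gated on wheel membership` above `nix.settings` would record the dependency.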