hosts/common/security.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

{
	lib,
	config,
	...
}:
with builtins;
with lib; {
	security.sudo = {
		configFile = ''
			Defaults	env_reset
			Defaults	secure_path = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
			Defaults	editor = /run/current-system/sw/bin/vim,!env_editor
		'';
		execWheelOnly = true;
		extraRules = [
			{
				users = ["root"];
				groups = ["root"];
				commands = ["ALL"];
			}
			{
				users = ["seth"];
				commands = ["ALL"];
			}
		];
	};
}