mirror of https://github.com/RGBCube/ncc synced 2025-07-28 02:27:44 +00:00

Start refactor

RGBCube 2025-01-11 15:51:21 +03:00
parent 99b7ccfadb
commit 06cce18e72
155 changed files with 2139 additions and 3738 deletions

66
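--- a/modules/linux/sudo.nix
+++ b/modules/linux/sudo.nix
@@ -0,0 +1,66 @@
+{ config, lib, ... }: let
+inherit (lib) enabled merge mkIf optionalString;
+in merge {
+security.sudo = enabled {
+execWheelOnly = true;
+extraConfig = ''
+Defaults lecture = never
+Defaults pwfeedback
+Defaults env_keep += "DISPLAY EDITOR PATH"
+${optionalString config.isServer ''
+Defaults timestamp_timeout = 0
+''}
+'';
+extraRules = [{
+groups = [ "wheel" ];
+commands = let
+system = "/run/current-system";
+store = "/nix/store";
+in [
+{
+command = "${store}/*/bin/switch-to-configuration";
+options = [ "SETENV" "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/nix system activate";
+options = [ "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/nix system apply";
+options = [ "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/nix system boot";
+options = [ "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/nix system build";
+options = [ "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/nix-collect-garbage";
+options = [ "SETENV" "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/nix-env";
+options = [ "SETENV" "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/nix-store";
+options = [ "SETENV" "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/nixos-rebuild";
+options = [ "NOPASSWD" ];
+}
+{
+command = "${system}/sw/bin/systemctl";
+options = [ "NOPASSWD" ];
+}
+];
+}];
+};
+} <| mkIf config.isDesktop {
+security.sudo.wheelNeedsPassword = false;
+}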
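Review bot: The NOPASSWD rules for `systemctl`, `nixos-rebuild`, `nix-env`, `nix-store` and `${store}/*/bin/switch-to-configuration` have no argument restriction, so each one is root-equivalent for every wheel member. On servers that undercuts the `Defaults timestamp_timeout = 0` set in `extraConfig`, which otherwise asks for a password on every invocation. The `*` in the store rule also matches any store path that ships a `bin/switch-to-configuration`, not only the current system's, and `SETENV` together with `PATH` in `env_keep` lets the caller's environment reach those privileged commands. I would pin each entry to the exact arguments the deployment tooling runs, as the `nix system …` entries already do, drop `SETENV` where it is not needed, and narrow the keep list to `Defaults env_keep += "DISPLAY EDITOR"`. Whether a `secure_path` is configured elsewhere is not visible here; if the broad rules are intentional, a comment above `extraRules` such as `# NOTE: these rules grant wheel passwordless root on servers; keep wheel membership minimal` would make the trade-off explicit.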