RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-30 19:47:47 +00:00
Code Issues Activity

Upgrade sudo config

Browse source
This commit is contained in:
RGBCube 2024-01-15 15:52:38 +03:00
parent c73ad40b7f
commit a1aca8a0d3
No known key found for this signature in database
1 changed files with 50 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

54
modules/sudo.nix
View file

@ -1,10 +1,56 @@
{ ulib, ... }: with ulib;
{ lib, ulib, ... }: with ulib; merge
systemConfiguration {
(desktopSystemConfiguration {
security.sudo.wheelNeedsPassword = false;
})
(systemConfiguration {
security.sudo = enabled {
extraConfig = ''
Defaults timestamp_timeout=${if ulib.isDesktop then "-1" else "0"}
Defaults lecture = never
Defaults pwfeedback
Defaults env_keep += "DISPLAY EDITOR PATH"
${lib.optionalString ulib.isServer ''
Defaults timestamp_timeout = 0
''}
'';
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = let
system = "/run/current-system";
store = "/nix/store";
in [
{
command = "${store}/*/bin/switch-to-configuration";
options = [ "SETENV" "NOPASSWD" ];
}
{
command = "${system}/sw/bin/nix system";
options = [ "NOPASSWD" ];
}
{
command = "${system}/sw/bin/nix-collect-garbage";
options = [ "SETENV" "NOPASSWD" ];
}
{
command = "${system}/sw/bin/nix-env";
options = [ "SETENV" "NOPASSWD" ];
}
{
command = "${system}/sw/bin/nix-store";
options = [ "SETENV" "NOPASSWD" ];
}
{
command = "${system}/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}
{
command = "${system}/sw/bin/systemctl";
options = [ "NOPASSWD" ];
}
];
}];
};
}
})