sudo -> doas
This commit is contained in:
Henri Dohmen
parent
f1a1dd5d53
commit
b497b6405d
5 changed files with 38 additions and 13 deletions
28
mod/desktop/security.nix
Normal file
28
mod/desktop/security.nix
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.desktop.security;
|
||||
inherit (lib) mkEnableOption mkIf;
|
||||
in
|
||||
{
|
||||
options.desktop.security.enable = mkEnableOption "Security";
|
||||
config = mkIf cfg.enable {
|
||||
security.protectKernelImage = true;
|
||||
|
||||
security.sudo.enable = false;
|
||||
security.doas = {
|
||||
enable = true;
|
||||
extraRules = [
|
||||
{
|
||||
groups = [ "wheel" ];
|
||||
persist = true;
|
||||
keepEnv = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue