From 6d33824dfc79f8d16a647c36b3215f3ee9e38be4 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Mon, 11 Mar 2024 21:42:19 +0100 Subject: [PATCH] security: Move sudo configuration into module --- hosts/dregil/configuration.nix | 1 + hosts/thrall/default.nix | 13 +------------ modules/sudo.nix | 15 +++++++++++++++ 3 files changed, 17 insertions(+), 12 deletions(-) create mode 100644 modules/sudo.nix diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix index d38e601..cd23964 100644 --- a/hosts/dregil/configuration.nix +++ b/hosts/dregil/configuration.nix @@ -17,6 +17,7 @@ in { ./hardware-configuration.nix # ../../modules/appimage.nix + ../../modules/sudo.nix ../../modules/wm/x.nix ../../modules/wm/xmonad/default.nix ]; diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index b55c64c..3eb7eb4 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -12,6 +12,7 @@ in { inputs.snm.nixosModule inputs.agenix.nixosModules.age ../../modules/security.nix + ../../modules/sudo.nix ../../modules/upgrade-pg-cluster.nix ../../modules/nix-config.nix ../../modules/iohk.nix @@ -110,18 +111,6 @@ in { defaults.email = "alex@jakalx.net"; }; - security.sudo = { - enable = true; - execWheelOnly = true; - extraRules = [{ - groups = [ "wheel" ]; - commands = [{ - command = "/run/current-system/sw/bin/nixos-rebuild"; - options = [ "NOPASSWD" ]; - }]; - }]; - }; - # Select internationalization properties. i18n.defaultLocale = "en_US.UTF-8"; console = { diff --git a/modules/sudo.nix b/modules/sudo.nix new file mode 100644 index 0000000..f2c4915 --- /dev/null +++ b/modules/sudo.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +{ + config.security.sudo = { + enable = true; + execWheelOnly = true; + extraRules = [{ + groups = [ "wheel" ]; + commands = [{ + command = "/run/current-system/sw/bin/nixos-rebuild"; + options = [ "NOPASSWD" ]; + }]; + }]; + }; +}