security: Move sudo configuration into module

2024-03-11 21:42:19 +01:00 · 2024-03-11 21:42:19 +01:00 · 6d33824dfc
commit 6d33824dfc
parent 8121d120e8
3 changed files with 17 additions and 12 deletions
--- a/modules/sudo.nix
+++ b/modules/sudo.nix
@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config.security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    extraRules = [{
+      groups = [ "wheel" ];
+      commands = [{
+        command = "/run/current-system/sw/bin/nixos-rebuild";
+        options = [ "NOPASSWD" ];
+      }];
+    }];
+  };
+}