nichts/modules/system/os/security/sudo.nix

{
  lib,
  pkgs,
}: let
  inherit (lib) mkForce mkDefault;
in {
  security = {
    sudo-rs.enable = mkForce false;
    sudo = {
      enable = true;
      # We use the default sudo package
      package = pkgs.sudo;

      # Wheel user should need the password to execute sudo commands
      wheelNeedsPassword = mkDefault true;

      # BUT, only wheel users should be able to use sudo.
      execWheelOnly = mkForce true;
    };
  };
}
sudo.nix: initial config 2024-08-22 21:41:20 +02:00			`{`
			`lib,`
			`pkgs,`
			`}: let`
			`inherit (lib) mkForce mkDefault;`
			`in {`
			`security = {`
			`sudo-rs.enable = mkForce false;`
			`sudo = {`
			`enable = true;`
			`# We use the default sudo package`
			`package = pkgs.sudo;`

			`# Wheel user should need the password to execute sudo commands`
			`wheelNeedsPassword = mkDefault true;`

			`# BUT, only wheel users should be able to use sudo.`
			`execWheelOnly = mkForce true;`
			`};`
			`};`
			`}`