Bloxx12
e641dfa114
Signed-off-by: Bloxx12 <charlie@charlieroot.dev> Change-Id: I6a6a69641c36f9763e104087a559c148d0449f00
25 lines
554 B
Nix
25 lines
554 B
Nix
{
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
inherit (lib.modules) mkForce mkDefault;
|
|
in
|
|
{
|
|
security = {
|
|
sudo-rs.enable = mkForce false;
|
|
sudo = {
|
|
enable = true;
|
|
# We use the default sudo package, but with insults if we
|
|
# fail to provide the correct password
|
|
package = pkgs.sudo.override { withInsults = true; };
|
|
|
|
# Wheel user should need the password to execute sudo commands
|
|
wheelNeedsPassword = mkDefault true;
|
|
|
|
# BUT, only wheel users should be able to use sudo.
|
|
execWheelOnly = mkForce true;
|
|
};
|
|
};
|
|
}
|