f0d3993af5
Signed-off-by: faukah <fau@faukah.com> Change-Id: I6a6a69642a62454277434355a51bfa46492c8af3
27 lines
624 B
Nix
27 lines
624 B
Nix
{
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
inherit (lib.modules) mkForce mkDefault;
|
|
in
|
|
{
|
|
security = {
|
|
sudo-rs.enable = mkForce false;
|
|
sudo = {
|
|
enable = true;
|
|
# We use the default sudo package, but with insults if we
|
|
# fail to provide the correct password
|
|
package = (pkgs.sudo.override { withInsults = true; }).overrideAttrs (_: {
|
|
patches = [ ./insults.patch ];
|
|
});
|
|
|
|
# Wheel user should need the password to execute sudo commands
|
|
wheelNeedsPassword = mkDefault true;
|
|
|
|
# BUT, only wheel users should be able to use sudo.
|
|
execWheelOnly = mkForce true;
|
|
};
|
|
};
|
|
}
|