author | Azat Bahawi <azat@bahawi.net> | 2024-04-21 02:15:42 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2024-04-21 02:15:42 +0300 |
commit | e6ed60548397627bf10f561f9438201dbba0a36e (patch) | |
tree | f9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/common/security.nix | |
parent | 9ac64328603d44bd272175942d3ea3eaadcabd04 (diff) |
2024-04-21
Diffstat (limited to 'modules/common/security.nix')
-rw-r--r-- | modules/common/security.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/modules/common/security.nix b/modules/common/security.nix
new file mode 100644
index 0000000..c635cdc
--- /dev/null
+++ b/modules/common/security.nix
@@ -0,0 +1,31 @@
+_: {
+ security = {
+ sudo = {
+ enable = true;
+ execWheelOnly = true;
+ wheelNeedsPassword = false;
+ extraConfig = ''
+ Defaults lecture=never
+ '';
+ };
+
+ polkit = {
+ enable = true;
+ extraConfig = ''
+ /*
+ * Allow members of the wheel group to execute any actions
+ * without password authentication, similar to "sudo NOPASSWD:".
+ *
+ * https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
+ */
+ polkit.addRule(function(action, subject) {
+ if (subject.isInGroup('wheel'))
+ return polkit.Result.YES;
+ });
+ '';
+ };
+
+ # Pretty much used only for PipeWire.
+ rtkit.enable = true;
+ };
+} |
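Review bot: The polkit rule returns `polkit.Result.YES` for every action whenever the subject is in `wheel`, with no check on the session, so together with `wheelNeedsPassword = false` any process running as a wheel user, including one in a remote or inactive session, is authorized for privileged actions without re-authentication. If passwordless elevation is intended, narrowing the condition to `if (subject.isInGroup('wheel') && subject.local && subject.active)` keeps the convenience for the console user while leaving other sessions on the default authentication prompt. Since the file sits under `modules/common`, it presumably applies to every host, so a comment above the `sudo` block such as `# Deliberate: wheel is equivalent to root here; keep wheel membership minimal.` would record the trade-off for whoever adds the next user.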