authorAzat Bahawi <azat@bahawi.net>2022-12-17 16:39:09 +0300
committerAzat Bahawi <azat@bahawi.net>2022-12-17 16:39:09 +0300
commit8f137c28230623259a964484adcf31fe00756594 (patch)
tree82bce6a13fda125087cf6d9dc80aa91d9230d6c4 /modules/nixos/common/security.nix
parent2022-11-20 (diff)
2022-12-17
Diffstat (limited to 'modules/nixos/common/security.nix')
-rw-r--r--modules/nixos/common/security.nix29
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
new file mode 100644
index 0000000..09c5da1
--- /dev/null
+++ b/modules/nixos/common/security.nix
@@ -0,0 +1,29 @@
+{
+  inputs,
+  lib,
+  ...
+}:
+with lib; {
+  security = {
+    sudo = {
+      enable = true;
+      execWheelOnly = true;
+      wheelNeedsPassword = false;
+      # https://mwl.io/archives/1000
+      extraConfig = ''
+        Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK"
+      '';
+    };
+
+    polkit = {
+      enable = true;
+      # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
+      extraConfig = ''
+        polkit.addRule(function (action, subject) {
+          if (subject.isInGroup('wheel'))
+            return polkit.Result.YES;
+        });
+      '';
+    };
+  };
+}
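Review bot: The polkit rule in `security.polkit.extraConfig` returns `polkit.Result.YES` for every action id as soon as the subject is in `wheel`, with no check on the session it comes from. Together with `wheelNeedsPassword = false`, any process running as a wheel user, including one in a remote SSH session, reaches root with no authentication step. Because the file sits under `common`, this presumably applies to every host that imports it. Consider narrowing the condition to `if (subject.isInGroup('wheel') && subject.local && subject.active)`, or returning `polkit.Result.AUTH_SELF_KEEP` so a password is still asked once per session. A one-line comment above `wheelNeedsPassword = false;` recording why passwordless escalation is acceptable on these hosts would also help later reviewers.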
