2023-01-30

author: Azat Bahawi <azat@bahawi.net> 2023-01-30 01:48:52 +0300
committer: Azat Bahawi <azat@bahawi.net> 2023-01-30 01:48:52 +0300
commit: e8dbb049452e014fe89df34cb8f29e7c21c37666 (patch)
tree: 8102c252877057fc5c1d5914b36cbb167927e153 /modules/nixos/common/security.nix
parent: 5e81e4814d6da25ce8531baf0bc2d23da7fc26b3 (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
index 09c5da1..d146cee 100644
--- a/modules/nixos/common/security.nix
+++ b/modules/nixos/common/security.nix
@@ -9,17 +9,21 @@ with lib; {
       enable = true;
       execWheelOnly = true;
       wheelNeedsPassword = false;
-      # https://mwl.io/archives/1000
       extraConfig = ''
-        Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK"
+        Defaults lecture=never
       '';
     };
 
     polkit = {
       enable = true;
-      # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
       extraConfig = ''
-        polkit.addRule(function (action, subject) {
+        /*
+         * Allow members of the wheel group to execute any actions
+         * without password authentication, similar to "sudo NOPASSWD:".
+         *
+         * https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
+         */
+        polkit.addRule(function(action, subject) {
           if (subject.isInGroup('wheel'))
             return polkit.Result.YES;
         });
author	Azat Bahawi <azat@bahawi.net>	2023-01-30 01:48:52 +0300
committer	Azat Bahawi <azat@bahawi.net>	2023-01-30 01:48:52 +0300
commit	e8dbb049452e014fe89df34cb8f29e7c21c37666 (patch)
tree	8102c252877057fc5c1d5914b36cbb167927e153 /modules/nixos/common/security.nix
parent	5e81e4814d6da25ce8531baf0bc2d23da7fc26b3 (diff)