Diffstat (limited to 'modules/common/security.nix')
-rw-r--r-- | modules/common/security.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/modules/common/security.nix b/modules/common/security.nix
new file mode 100644
index 0000000..c635cdc
--- /dev/null
+++ b/modules/common/security.nix
@@ -0,0 +1,31 @@
+_: {
+ security = {
+ sudo = {
+ enable = true;
+ execWheelOnly = true;
+ wheelNeedsPassword = false;
+ extraConfig = ''
+ Defaults lecture=never
+ '';
+ };
+
+ polkit = {
+ enable = true;
+ extraConfig = ''
+ /*
+ * Allow members of the wheel group to execute any actions
+ * without password authentication, similar to "sudo NOPASSWD:".
+ *
+ * https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
+ */
+ polkit.addRule(function(action, subject) {
+ if (subject.isInGroup('wheel'))
+ return polkit.Result.YES;
+ });
+ '';
+ };
+
+ # Pretty much used only for PipeWire.
+ rtkit.enable = true;
+ };
+} |
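Review bot: The polkit rule returns `polkit.Result.YES` for every action and every session of a wheel member, and together with `wheelNeedsPassword = false` this leaves no authentication step between any process running as a wheel user and root. Because the file sits under modules/common, it presumably applies to every host that imports it, including ones reachable over SSH, so the comment should at least say that this is intended fleet-wide. If the prompt-free behaviour is wanted only at the local desktop, narrow the condition to `if (subject.isInGroup('wheel') && subject.local && subject.active)`, or return `polkit.Result.AUTH_ADMIN_KEEP` so one authentication is cached rather than skipped; matching on `action.id` for the actions actually needed would narrow it further. `execWheelOnly = true` is worth keeping either way.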