diff options
Diffstat (limited to '')
-rw-r--r-- | modules/nixos/common/security.nix | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix index 09c5da1..d146cee 100644 --- a/modules/nixos/common/security.nix +++ b/modules/nixos/common/security.nix @@ -9,17 +9,21 @@ with lib; { enable = true; execWheelOnly = true; wheelNeedsPassword = false; - # https://mwl.io/archives/1000 extraConfig = '' - Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK" + Defaults lecture=never ''; }; polkit = { enable = true; - # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt extraConfig = '' - polkit.addRule(function (action, subject) { + /* + * Allow members of the wheel group to execute any actions + * without password authentication, similar to "sudo NOPASSWD:". + * + * https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt + */ + polkit.addRule(function(action, subject) { if (subject.isInGroup('wheel')) return polkit.Result.YES; }); |