Diffstat (limited to 'modules/nixos/common/security.nix')
-rw-r--r--modules/nixos/common/security.nix29
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
new file mode 100644
index 0000000..09c5da1
--- /dev/null
+++ b/modules/nixos/common/security.nix
@@ -0,0 +1,29 @@
+{
+ inputs,
+ lib,
+ ...
+}:
+with lib; {
+ security = {
+ sudo = {
+ enable = true;
+ execWheelOnly = true;
+ wheelNeedsPassword = false;
+ # https://mwl.io/archives/1000
+ extraConfig = ''
+ Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK"
+ '';
+ };
+
+ polkit = {
+ enable = true;
+ # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
+ extraConfig = ''
+ polkit.addRule(function (action, subject) {
+ if (subject.isInGroup('wheel'))
+ return polkit.Result.YES;
+ });
+ '';
+ };
+ };
+}
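Review bot: The polkit rule returns `polkit.Result.YES` for every action to any subject in `wheel`, and combined with `wheelNeedsPassword = false` it leaves no authentication step between a wheel account and root, so any process running as such a user, including one in a remote SSH session, is effectively root. The path suggests this module is shared across hosts, so consider narrowing the condition to `if (subject.isInGroup('wheel') && subject.local && subject.active)` or to specific `action.id` values, and returning `polkit.Result.AUTH_SELF_KEEP` where a prompt is acceptable. If the passwordless setup is intentional, say so next to both settings with a comment such as `# wheel is treated as root-equivalent here; keep group membership minimal`. Separately, `inputs` and `with lib;` appear unused in this file and could be dropped.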