summaryrefslogtreecommitdiff
path: root/modules/nixos/common/security.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nixos/common/security.nix')
-rw-r--r--modules/nixos/common/security.nix12
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
index 09c5da1..d146cee 100644
--- a/modules/nixos/common/security.nix
+++ b/modules/nixos/common/security.nix
@@ -9,17 +9,21 @@ with lib; {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
- # https://mwl.io/archives/1000
extraConfig = ''
- Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK"
+ Defaults lecture=never
'';
};
polkit = {
enable = true;
- # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
extraConfig = ''
- polkit.addRule(function (action, subject) {
+ /*
+ * Allow members of the wheel group to execute any actions
+ * without password authentication, similar to "sudo NOPASSWD:".
+ *
+ * https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
+ */
+ polkit.addRule(function(action, subject) {
if (subject.isInGroup('wheel'))
return polkit.Result.YES;
});
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-20 08:31:31 +0000