From e8dbb049452e014fe89df34cb8f29e7c21c37666 Mon Sep 17 00:00:00 2001
From: Azat Bahawi <azat@bahawi.net>
Date: Mon, 30 Jan 2023 01:48:52 +0300
Subject: 2023-01-30

---
 modules/nixos/common/security.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'modules/nixos/common/security.nix')

diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
index 09c5da1..d146cee 100644
--- a/modules/nixos/common/security.nix
+++ b/modules/nixos/common/security.nix
@@ -9,17 +9,21 @@ with lib; {
       enable = true;
       execWheelOnly = true;
       wheelNeedsPassword = false;
-      # https://mwl.io/archives/1000
       extraConfig = ''
-        Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK"
+        Defaults lecture=never
       '';
     };
 
     polkit = {
       enable = true;
-      # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
       extraConfig = ''
-        polkit.addRule(function (action, subject) {
+        /*
+         * Allow members of the wheel group to execute any actions
+         * without password authentication, similar to "sudo NOPASSWD:".
+         *
+         * https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
+         */
+        polkit.addRule(function(action, subject) {
           if (subject.isInGroup('wheel'))
             return polkit.Result.YES;
         });
-- 
cgit v1.2.3