modularize conf and stuff

author: Tim Keller <tjk@tjkeller.xyz> 2024-10-02 21:29:37 -0500
committer: Tim Keller <tjk@tjkeller.xyz> 2024-10-02 21:29:37 -0500
commit: 34b0bb8df42194a0ea433592e3cac27546f0af4e (patch)
tree: f584369db3a6accb74b1a9288c2480f8fd411671 /modules/doas.nix
parent: 4e4b8068825044ebfd435ec8a6f0e84f5c0c8801 (diff)
download: nixos-34b0bb8df42194a0ea433592e3cac27546f0af4e.tar.xz
nixos-34b0bb8df42194a0ea433592e3cac27546f0af4e.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/modules/doas.nix b/modules/doas.nix
new file mode 100644
index 0000000..2af324e
--- /dev/null
+++ b/modules/doas.nix
@@ -0,0 +1,16 @@
+{ lib, config, ... }: {
+	options = {
+		doas.enable = lib.mkEnableOption "enables doas";
+		sudo.enable = lib.mkEnableOption "enables sudo";
+	};
+
+	config = lib.mkIf config.doas.enable {
+		security.doas.enable = true;
+		security.sudo.enable = config.sudo.enable;
+		security.doas.extraRules = [{
+			groups = ["wheel"];
+			keepEnv = true;
+			noPass = true;
+		}];
+	};
+}
author	Tim Keller <tjk@tjkeller.xyz>	2024-10-02 21:29:37 -0500
committer	Tim Keller <tjk@tjkeller.xyz>	2024-10-02 21:29:37 -0500
commit	34b0bb8df42194a0ea433592e3cac27546f0af4e (patch)
tree	f584369db3a6accb74b1a9288c2480f8fd411671 /modules/doas.nix
parent	4e4b8068825044ebfd435ec8a6f0e84f5c0c8801 (diff)
download	nixos-34b0bb8df42194a0ea433592e3cac27546f0af4e.tar.xz nixos-34b0bb8df42194a0ea433592e3cac27546f0af4e.zip