From 54c6ed12b0c5844be789a7a4c865b004a2a70ac6 Mon Sep 17 00:00:00 2001
From: Tim Keller <tjk@tjkeller.xyz>
Date: Mon, 15 Jun 2026 15:40:14 -0500
Subject: move sudo and doas config to user timmy and remove irrelevant option
 modules

---
 archetypes/profiles/desktop/default.nix  |  1 -
 archetypes/profiles/headless/default.nix |  4 ----
 nixos/default.nix                        |  2 --
 nixos/doas.nix                           | 17 -----------------
 nixos/sudo.nix                           | 15 ---------------
 users/timmy/default.nix                  | 11 +++++++++++
 6 files changed, 11 insertions(+), 39 deletions(-)
 delete mode 100644 nixos/doas.nix
 delete mode 100644 nixos/sudo.nix

diff --git a/archetypes/profiles/desktop/default.nix b/archetypes/profiles/desktop/default.nix
index 7cde6b2..07cbd82 100644
--- a/archetypes/profiles/desktop/default.nix
+++ b/archetypes/profiles/desktop/default.nix
@@ -20,7 +20,6 @@
 		};
 
 		security = {
-			_doas.enable = mkDesktop true;
 			_polkit = {
 				enable = mkDesktop true;
 				gnome.enable = mkDesktop true;
diff --git a/archetypes/profiles/headless/default.nix b/archetypes/profiles/headless/default.nix
index c3ab755..ac1eb80 100644
--- a/archetypes/profiles/headless/default.nix
+++ b/archetypes/profiles/headless/default.nix
@@ -8,10 +8,6 @@
 			};
 		};
 
-		security = {
-			_doas.enable = mkHeadless true;
-		};
-
 		programs = {
 			_ddcutil.enable = mkHeadless true;
 		};
diff --git a/nixos/default.nix b/nixos/default.nix
index ce2a417..6defa6b 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -14,7 +14,6 @@
 
 		./bootloader.nix
 		./decklink.nix
-		./doas.nix
 		./geoclue.nix
 		./hosts.nix
 		./net-iface-labels.nix
@@ -23,7 +22,6 @@
 		./polkit.nix
 		./powerkeys.nix
 		./secrets.nix
-		./sudo.nix
 		./suspend.nix
 		./zshenv.nix
 	];
diff --git a/nixos/doas.nix b/nixos/doas.nix
deleted file mode 100644
index e1fa994..0000000
--- a/nixos/doas.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, config, ... }: let
-	cfg = config.security._doas;
-in {
-	options.security._doas = {
-		enable = lib.mkEnableOption "enables doas";
-	};
-
-	config = lib.mkIf cfg.enable {
-		security.doas = {
-			enable = true;
-			wheelNeedsPassword = false;
-			extraRules = [{
-				keepEnv = true;
-			}];
-		};
-	};
-}
diff --git a/nixos/sudo.nix b/nixos/sudo.nix
deleted file mode 100644
index 5fa2727..0000000
--- a/nixos/sudo.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, config, ... }: let
-	cfg = config.security._sudo;
-in {
-	options.security._sudo = {
-		enable = lib.mkEnableOption "enables sudo";
-	};
-
-	#config = lib.mkIf cfg.enable {
-	config = {  # TODO remove once can be built from flake w git
-		security.sudo = {
-			enable = true;
-			wheelNeedsPassword = false;
-		};
-	};
-}
diff --git a/users/timmy/default.nix b/users/timmy/default.nix
index 3a8a4e3..cb8eb7b 100644
--- a/users/timmy/default.nix
+++ b/users/timmy/default.nix
@@ -55,6 +55,17 @@ in {
 			];
 		};
 
+		# Enable sudo and doas
+		security.sudo = {
+			enable = true;
+			wheelNeedsPassword = false;
+		};
+		security.doas = {
+			enable = true;
+			wheelNeedsPassword = false;
+			extraRules = [{ keepEnv = true; }];
+		};
+
 		# Configure automatic login with getty
 		services.getty = lib.mkIf cfg.autologin.enable {
 			autologinUser = username;
-- 
cgit v1.2.3