From 4730b215fdc4095800fedfdf690c12fec994bb6b Mon Sep 17 00:00:00 2001
From: Tim Keller <tjk@tjkeller.xyz>
Date: Wed, 2 Oct 2024 22:07:10 -0500
Subject: more reorganizing and modularizing

---
 modules/root/doas.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 modules/root/doas.nix

(limited to 'modules/root/doas.nix')

diff --git a/modules/root/doas.nix b/modules/root/doas.nix
new file mode 100644
index 0000000..2af324e
--- /dev/null
+++ b/modules/root/doas.nix
@@ -0,0 +1,16 @@
+{ lib, config, ... }: {
+	options = {
+		doas.enable = lib.mkEnableOption "enables doas";
+		sudo.enable = lib.mkEnableOption "enables sudo";
+	};
+
+	config = lib.mkIf config.doas.enable {
+		security.doas.enable = true;
+		security.sudo.enable = config.sudo.enable;
+		security.doas.extraRules = [{
+			groups = ["wheel"];
+			keepEnv = true;
+			noPass = true;
+		}];
+	};
+}
-- 
cgit v1.2.3