nixcfg/modules/nixos/security/doas/default.nix

{ options, config, pkgs, lib, ... }:

with lib;
with lib.plusultra;
let cfg = config.plusultra.security.doas;
in
{
  options.plusultra.security.doas = {
    enable = mkBoolOpt false "Whether or not to replace sudo with doas.";
  };

  config = mkIf cfg.enable {
    # Disable sudo
    security.sudo.enable = false;

    # Enable and configure `doas`.
    security.doas = {
      enable = true;
      extraRules = [{
        users = [ config.plusultra.user.name ];
        noPass = true;
        keepEnv = true;
      }];
    };

    # Add an alias to the shell for backward-compat and convenience.
    environment.shellAliases = { sudo = "doas"; };
  };
}
refactor 2024-01-11 11:26:46 +01:00			`{ options, config, pkgs, lib, ... }:`

			`with lib;`
			`with lib.plusultra;`
			`let cfg = config.plusultra.security.doas;`
			`in`
			`{`
			`options.plusultra.security.doas = {`
			`enable = mkBoolOpt false "Whether or not to replace sudo with doas.";`
			`};`

			`config = mkIf cfg.enable {`
			`# Disable sudo`
			`security.sudo.enable = false;`

			# Enable and configure `doas`.
			`security.doas = {`
			`enable = true;`
			`extraRules = [{`
			`users = [ config.plusultra.user.name ];`
			`noPass = true;`
			`keepEnv = true;`
			`}];`
			`};`

			`# Add an alias to the shell for backward-compat and convenience.`
			`environment.shellAliases = { sudo = "doas"; };`
			`};`
			`}`