30 lines
656 B
Nix
30 lines
656 B
Nix
{ options, config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
with lib.plusultra;
|
|
let cfg = config.plusultra.security.doas;
|
|
in
|
|
{
|
|
options.plusultra.security.doas = {
|
|
enable = mkBoolOpt false "Whether or not to replace sudo with doas.";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
# Disable sudo
|
|
security.sudo.enable = false;
|
|
|
|
# Enable and configure `doas`.
|
|
security.doas = {
|
|
enable = true;
|
|
extraRules = [{
|
|
users = [ config.plusultra.user.name ];
|
|
noPass = true;
|
|
keepEnv = true;
|
|
}];
|
|
};
|
|
|
|
# Add an alias to the shell for backward-compat and convenience.
|
|
environment.shellAliases = { sudo = "doas"; };
|
|
};
|
|
}
|