2024-04-20 09:42:06 -04:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
...
|
|
|
|
|
}:
|
2025-01-20 22:35:40 -05:00
|
|
|
|
|
|
|
|
let
|
|
|
|
|
cfg = config.nmasur.presets.programs.doas;
|
|
|
|
|
in
|
|
|
|
|
|
2024-04-20 09:42:06 -04:00
|
|
|
{
|
2022-04-25 21:54:53 -04:00
|
|
|
|
2025-01-20 22:35:40 -05:00
|
|
|
options.nmasur.presets.programs.doas.enable = lib.mkEnableOption "doas sudo alternative";
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
2022-04-25 21:54:53 -04:00
|
|
|
|
2022-12-21 14:18:03 -07:00
|
|
|
security = {
|
2022-04-25 21:54:53 -04:00
|
|
|
|
2022-12-21 14:18:03 -07:00
|
|
|
# Remove sudo
|
|
|
|
|
sudo.enable = false;
|
2022-04-25 21:54:53 -04:00
|
|
|
|
2022-12-21 14:18:03 -07:00
|
|
|
# Add doas
|
|
|
|
|
doas = {
|
|
|
|
|
enable = true;
|
2022-04-25 21:54:53 -04:00
|
|
|
|
2023-07-30 20:26:23 -04:00
|
|
|
# No password required for trusted users
|
2022-12-21 14:18:03 -07:00
|
|
|
wheelNeedsPassword = false;
|
|
|
|
|
|
|
|
|
|
# Pass environment variables from user to root
|
2023-07-30 20:26:23 -04:00
|
|
|
# Also requires specifying that we are removing password here
|
2024-04-20 09:42:06 -04:00
|
|
|
extraRules = [
|
|
|
|
|
{
|
|
|
|
|
groups = [ "wheel" ];
|
|
|
|
|
noPass = true;
|
|
|
|
|
keepEnv = true;
|
|
|
|
|
}
|
|
|
|
|
];
|
2022-12-21 14:18:03 -07:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2022-04-30 12:07:58 -04:00
|
|
|
};
|
2022-04-25 21:54:53 -04:00
|
|
|
}
|
