dotfiles/modules/nixos/system/doas.nix

37 lines
716 B
Nix
Raw Permalink Normal View History

2022-04-26 01:54:53 +00:00
# Replace sudo with doas
2022-12-21 21:18:03 +00:00
{ config, pkgs, lib, ... }: {
2022-04-26 01:54:53 +00:00
2022-12-21 21:18:03 +00:00
config = lib.mkIf pkgs.stdenv.isLinux {
2022-04-26 01:54:53 +00:00
2022-12-21 21:18:03 +00:00
security = {
2022-04-26 01:54:53 +00:00
2022-12-21 21:18:03 +00:00
# Remove sudo
sudo.enable = false;
2022-04-26 01:54:53 +00:00
2022-12-21 21:18:03 +00:00
# Add doas
doas = {
enable = true;
2022-04-26 01:54:53 +00:00
2023-07-31 00:26:23 +00:00
# No password required for trusted users
2022-12-21 21:18:03 +00:00
wheelNeedsPassword = false;
# Pass environment variables from user to root
2023-07-31 00:26:23 +00:00
# Also requires specifying that we are removing password here
2022-12-21 21:18:03 +00:00
extraRules = [{
groups = [ "wheel" ];
noPass = true;
keepEnv = true;
}];
};
};
2023-07-31 00:26:23 +00:00
# Alias sudo to doas for convenience
2022-12-21 21:18:03 +00:00
home-manager.users.${config.user}.programs.fish.shellAliases = {
sudo = "doas";
2022-04-26 01:54:53 +00:00
};
2022-04-30 14:21:43 +00:00
2022-04-30 16:07:58 +00:00
};
2022-12-21 21:18:03 +00:00
2022-04-26 01:54:53 +00:00
}