From e79ed0f64317ab1502e4d6222f69e1b64a543b2a Mon Sep 17 00:00:00 2001
From: imxyy_soope_ <imxyy1soope1@gmail.com>
Date: Fri, 4 Jul 2025 21:32:35 +0800
Subject: [PATCH] feat(doas): add sudo wrapper

---
 modules/desktop/terminal/kitty/default.nix | 1 +
 modules/user.nix                           | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/desktop/terminal/kitty/default.nix b/modules/desktop/terminal/kitty/default.nix
index 0d0d7e1..d363c9e 100644
--- a/modules/desktop/terminal/kitty/default.nix
+++ b/modules/desktop/terminal/kitty/default.nix
@@ -27,6 +27,7 @@ lib.my.makeHomeProgramConfig {
         name = "monospace";
         size = 14;
       };
+      shellIntegration.mode = "no-cursor no-sudo";
       extraConfig = ''
         include ${./tokyonight-storm.conf}
       '';
diff --git a/modules/user.nix b/modules/user.nix
index 13ff134..f925146 100644
--- a/modules/user.nix
+++ b/modules/user.nix
@@ -35,20 +35,22 @@ lib.my.makeSwitch {
     };
     users.users.root.hashedPasswordFile = lib.mkDefault config.sops.secrets.imxyy-nix-hashed-password.path;
 
+    security.sudo.enable = false;
     security.doas = {
       enable = true;
       extraRules = [
         {
           users = [ username ];
           noPass = true;
+          keepEnv = true;
         }
       ];
     };
     environment.shellAliases = {
-      sudo = "doas";
       sudoedit = "doasedit";
     };
     environment.systemPackages = [
+      (pkgs.writeShellScriptBin "sudo" ''exec doas "$@"'')
       (pkgs.writeShellScriptBin "doasedit" ''
         if [ -n "''${2}" ]; then
           printf 'Expected only one argument\n'