feat(doas): add sudo wrapper
This commit is contained in:
@@ -27,6 +27,7 @@ lib.my.makeHomeProgramConfig {
|
|||||||
name = "monospace";
|
name = "monospace";
|
||||||
size = 14;
|
size = 14;
|
||||||
};
|
};
|
||||||
|
shellIntegration.mode = "no-cursor no-sudo";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
include ${./tokyonight-storm.conf}
|
include ${./tokyonight-storm.conf}
|
||||||
'';
|
'';
|
||||||
|
|||||||
@@ -35,20 +35,22 @@ lib.my.makeSwitch {
|
|||||||
};
|
};
|
||||||
users.users.root.hashedPasswordFile = lib.mkDefault config.sops.secrets.imxyy-nix-hashed-password.path;
|
users.users.root.hashedPasswordFile = lib.mkDefault config.sops.secrets.imxyy-nix-hashed-password.path;
|
||||||
|
|
||||||
|
security.sudo.enable = false;
|
||||||
security.doas = {
|
security.doas = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraRules = [
|
extraRules = [
|
||||||
{
|
{
|
||||||
users = [ username ];
|
users = [ username ];
|
||||||
noPass = true;
|
noPass = true;
|
||||||
|
keepEnv = true;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
environment.shellAliases = {
|
environment.shellAliases = {
|
||||||
sudo = "doas";
|
|
||||||
sudoedit = "doasedit";
|
sudoedit = "doasedit";
|
||||||
};
|
};
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
(pkgs.writeShellScriptBin "sudo" ''exec doas "$@"'')
|
||||||
(pkgs.writeShellScriptBin "doasedit" ''
|
(pkgs.writeShellScriptBin "doasedit" ''
|
||||||
if [ -n "''${2}" ]; then
|
if [ -n "''${2}" ]; then
|
||||||
printf 'Expected only one argument\n'
|
printf 'Expected only one argument\n'
|
||||||
|
|||||||
Reference in New Issue
Block a user