commit a9914e9a16fcc8d78109fbccec807c2ae6045ab9
parent e4eda2c327b171a7499f322496b2c80f86852b07
Author: Francesco Saccone <francesco@francescosaccone.com>
Date: Tue, 18 Mar 2025 19:46:55 +0100
feat: replace sudo with doas
Signed-off-by: Francesco Saccone <francesco@francescosaccone.com>
Diffstat:
4 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix
@@ -6,6 +6,9 @@
}:
{
modules = {
+ doas = {
+ enable = true;
+ };
monero = {
enable = true;
mining = {
@@ -23,9 +26,6 @@
openssh.agent = {
enable = true;
};
- sudo = {
- enable = true;
- };
tlp = {
enable = true;
};
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
@@ -4,11 +4,11 @@
./agate
./bind
./darkhttpd
+ ./doas
./git
./monero
./networkmanager
./openssh
- ./sudo
./tlp
./wayland
];
diff --git a/modules/nixos/doas/default.nix b/modules/nixos/doas/default.nix
@@ -0,0 +1,23 @@
+{
+ lib,
+ options,
+ config,
+ pkgs,
+ ...
+}:
+{
+ options.modules.doas = {
+ enable = lib.mkOption {
+ description = "Whether to enable the doas command.";
+ default = false;
+ type = lib.types.bool;
+ };
+ };
+
+ config = lib.mkIf config.modules.doas.enable {
+ security.doas = {
+ enable = true;
+ wheelNeedsPassword = true;
+ };
+ };
+}
diff --git a/modules/nixos/sudo/default.nix b/modules/nixos/sudo/default.nix
@@ -1,26 +0,0 @@
-{
- lib,
- options,
- config,
- pkgs,
- ...
-}:
-{
- options.modules.sudo = {
- enable = lib.mkOption {
- description = "Whether to enable the sudo command.";
- default = false;
- type = lib.types.bool;
- };
- };
-
- config = lib.mkIf config.modules.sudo.enable {
- security.sudo = {
- enable = true;
- package = pkgs.sudo;
-
- execWheelOnly = true;
- wheelNeedsPassword = true;
- };
- };
-}
