mirror of
https://git.sr.ht/~neverness/ultima
synced 2025-01-06 15:03:53 +00:00
42 lines
696 B
Nix
42 lines
696 B
Nix
{
|
|
x,
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
with lib;
|
|
with x;
|
|
let
|
|
cfg = config.module.hardware.security;
|
|
in
|
|
{
|
|
options = {
|
|
module.hardware.security = {
|
|
enable = mkBool;
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
security.sudo-rs = {
|
|
execWheelOnly = true;
|
|
wheelNeedsPassword = true;
|
|
extraRules = [
|
|
{
|
|
users = [ userName ];
|
|
commands = with pkgs; [
|
|
{
|
|
command = "${light}/bin/light";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
{
|
|
command = "${uutils-coreutils-noprefix}/bin/tee";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
}
|