mirror of
https://git.sr.ht/~neverness/ultima
synced 2025-01-06 11:33:51 +00:00
33 lines
737 B
Nix
33 lines
737 B
Nix
{ pkgs, lib, config, userName, True, False, ... }:
|
|
|
|
with lib;
|
|
|
|
let cfg = config.module.hardware.security;
|
|
in {
|
|
options = { module.hardware.security = { enable = mkEnableOption ""; }; };
|
|
|
|
config = mkIf cfg.enable {
|
|
security = {
|
|
sudo = False;
|
|
sudo-rs = True // { # TOP
|
|
execWheelOnly = true;
|
|
wheelNeedsPassword = true;
|
|
extraRules = [{
|
|
users = [ userName ];
|
|
commands = with pkgs; [
|
|
{
|
|
command = "${light}/bin/light";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
{
|
|
command = "${uutils-coreutils-noprefix}/bin/tee";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
];
|
|
}];
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|