# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
# SPDX-FileCopyrightText: 2024 Clicks Codes
#
# SPDX-License-Identifier: GPL-3.0-only
# NixOS module: when `clicks.security.doas.enable` is set, sudo is turned off
# and doas becomes the privilege-escalation tool on the host.
#
# `pkgs` is accepted but not referenced anywhere in this module.
{ lib, pkgs, config, ... }:
let
  cfg = config.clicks.security.doas;

  # Path of the wrapper NixOS installs for doas, built from the wrapper
  # directory and the wrapper's program name.
  doasWrapper = "${config.security.wrapperDir}/${config.security.wrappers.doas.program}";

  # Deploy accounts: no password prompt, and the caller's environment is
  # retained for the command being run.
  # NOTE(review): neither `cmd` nor `runAs` is set, and the NixOS defaults for
  # both allow everything, so this is passwordless escalation to any user for
  # any command. `keepEnv` also lets caller-controlled environment variables
  # reach the privileged process. Confirm the deploy tooling needs both; if
  # only a few variables are needed, `setEnv` with an explicit list is the
  # narrower option.
  deployerRule = {
    users = config.clicks.users.deployers;
    noPass = true;
    keepEnv = true;
  };

  # Backup accounts: no password prompt, environment not retained.
  # NOTE(review): also unrestricted in command and target user. If backups
  # run a fixed command, `cmd` (and `args`) would limit what these accounts
  # can do if one of them is compromised.
  backupRule = {
    users = config.clicks.users.backups;
    noPass = true;
  };
in
{
  options.clicks.security.doas.enable = lib.mkEnableOption "doas";

  config = lib.mkIf cfg.enable {
    # Only one escalation tool is left enabled, so there is a single policy
    # file to audit.
    security.sudo.enable = false;

    security.doas.enable = true;
    # Order is kept as deployers first, then backups.
    security.doas.extraRules = [
      deployerRule
      backupRule
    ];

    # Convenience for people typing `sudo` at a prompt. This is a shell alias
    # only: scripts and programs that execute `sudo` directly do not go
    # through it and will typically find no working sudo on this host.
    environment.shellAliases.sudo = doasWrapper;
  };
}