# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
# SPDX-FileCopyrightText: 2024 Clicks Codes
#
# SPDX-License-Identifier: GPL-3.0-only
# NixOS module: replaces sudo with doas when `clicks.security.doas.enable` is set.
#
# When enabled it
#   * turns `security.sudo` off and `security.doas` on,
#   * adds two passwordless doas rules, one for `clicks.users.deployers`
#     and one for `clicks.users.backups`,
#   * aliases `sudo` to the doas wrapper binary for shells that load
#     `environment.shellAliases`.
{
  lib,
  pkgs,
  config,
  ...
}:
let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.clicks.security.doas;

  # Rule for deploy accounts: no password prompt, caller's environment kept.
  # NOTE(review): no `cmd` or `runAs` restriction is set here, so this rule is
  # not limited to specific commands. Together with `keepEnv`, any process
  # running as a deployer can escalate without authentication and with its own
  # environment. Confirm this breadth is required by the deploy tooling, and
  # treat the deployer accounts' credentials as root-equivalent.
  deployerRule = {
    users = config.clicks.users.deployers;
    noPass = true;
    keepEnv = true;
  };

  # Rule for backup accounts: no password prompt, environment not kept.
  # NOTE(review): also unrestricted (no `cmd`); if the backup job only needs a
  # fixed command, narrowing the rule to it would follow least privilege.
  # Verify against how the backup accounts are actually used.
  backupRule = {
    users = config.clicks.users.backups;
    noPass = true;
  };

  # Full path of the doas setuid wrapper, built from the wrapper directory and
  # the wrapper's program name.
  doasWrapper = "${config.security.wrapperDir}/${config.security.wrappers.doas.program}";
in
{
  options.clicks.security.doas.enable = mkEnableOption "doas";

  config = mkIf cfg.enable {
    security.sudo.enable = false;

    security.doas.enable = true;
    security.doas.extraRules = [
      deployerRule
      backupRule
    ];

    # Convenience only: this is a shell alias, so scripts or programs that
    # exec `sudo` directly presumably will not find it once sudo is disabled.
    environment.shellAliases.sudo = doasWrapper;
  };
}