Blame - modules/nixos/clicks/security/doas/default.nix - Infra/NixFiles

blob: 9778b0094ace61a102815de37fbabb5b13d04b33 [file] [log] [blame]

Skyler Grey	f08a619	2024-06-01 23:55:20 +0000	[diff] [blame]	1	# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
				2	# SPDX-FileCopyrightText: 2024 Clicks Codes
				3	#
				4	# SPDX-License-Identifier: GPL-3.0-only
				5
				6	{
				7	lib,
				8	pkgs,
				9	config,
				10	...
				11	}:
				12	let
				13	cfg = config.clicks.security.doas;
				14	in
				15	{
				16	options.clicks.security.doas = {
				17	enable = lib.mkEnableOption "doas";
				18	};
				19
				20	config = lib.mkIf cfg.enable {
				21	security.sudo.enable = false;
				22
				23	security.doas = {
				24	enable = true;
				25	extraRules = [
				26	{
				27	users = config.clicks.users.deployers;
				28	noPass = true;
				29	keepEnv = true;
				30	}
Skyler Grey	05e11c1	2024-06-15 00:02:15 +0000	[diff] [blame]	31	{
				32	users = config.clicks.users.backups;
				33	noPass = true;
				34	}
Skyler Grey	f08a619	2024-06-01 23:55:20 +0000	[diff] [blame]	35	];
				36	};
				37
				38	environment.shellAliases = {
				39	sudo = "${config.security.wrapperDir}/${config.security.wrappers.doas.program}";
				40	};
				41	};
				42	}