# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
# SPDX-FileCopyrightText: 2024 Clicks Codes
#
# SPDX-License-Identifier: GPL-3.0-only

# NixOS module: `clicks.security.doas`.
#
# When enabled, this module turns sudo off, turns doas on, installs two
# passwordless doas rules, and aliases `sudo` to the doas wrapper in shells.
{
  lib,
  pkgs,
  config,
  ...
}:
let
  cfg = config.clicks.security.doas;

  # Full path to the doas wrapper, built from the wrapper directory and the
  # program name registered under security.wrappers.
  doasWrapper = "${config.security.wrapperDir}/${config.security.wrappers.doas.program}";

  # Rule for the deployer accounts (list defined elsewhere; presumably
  # usernames, verify against clicks.users).
  # NOTE(review): no `cmd` or `runAs` is set, so the rule is not narrowed to a
  # particular command or target user, and `noPass` removes the password
  # prompt. Anyone who can act as one of these accounts (e.g. via its SSH key)
  # gets privileged execution without further authentication.
  # `keepEnv` carries the caller's environment across the privilege boundary;
  # if this rule is ever restricted with `cmd`, drop `keepEnv` (or switch to
  # an explicit `setEnv` list) so the environment cannot steer the command.
  deployerRule = {
    users = config.clicks.users.deployers;
    noPass = true;
    keepEnv = true;
  };

  # Rule for the backup accounts.
  # NOTE(review): also passwordless and unrestricted (no `cmd`/`runAs`).
  # If the backup job only needs a known set of commands, restricting the
  # rule to them would reduce what a compromised backup account can do.
  backupRule = {
    users = config.clicks.users.backups;
    noPass = true;
  };
in
{
  options.clicks.security.doas.enable = lib.mkEnableOption "doas";

  config = lib.mkIf cfg.enable {
    security = {
      # doas replaces sudo entirely; only one escalation tool stays installed.
      sudo.enable = false;

      doas = {
        enable = true;
        extraRules = [
          deployerRule
          backupRule
        ];
      };
    };

    # Convenience alias for people typing `sudo` in a shell.
    # Shell aliases are not seen by programs that exec `sudo` directly, and
    # doas does not accept sudo's option set, so tooling that depends on sudo
    # needs its own handling.
    environment.shellAliases.sudo = doasWrapper;
  };
}