Major config overhaul: use custom modules, setup for multi-host config, and less boilerplate

2025-02-09 16:50:26 -06:00
parent 1fa8b17b07
commit 0453901d17
303 changed files with 3560 additions and 5566 deletions
--- a/modules/system/security/doas/default.nix
+++ b/modules/system/security/doas/default.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.systemSettings.security.doas;
+  adminUsers = config.systemSettings.adminUsers;
+in {
+  options = {
+    systemSettings.security.doas = {
+      enable = lib.mkEnableOption "Replace sudo with doas";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Doas instead of sudo
+    security.doas.enable = true;
+    security.sudo.enable = false;
+    security.doas.extraRules = [
+      {
+        users = adminUsers;
+        cmd = "nix";
+        noPass = true;
+        keepEnv = true;
+      }
+      {
+        users = adminUsers;
+        cmd = "nixos-rebuild";
+        noPass = true;
+        keepEnv = true;
+      }
+      {
+        users = adminUsers;
+        cmd = "nix-collect-garbage";
+        noPass = true;
+        keepEnv = true;
+      }
+    ];
+
+    environment.systemPackages = [
+      pkgs.doas-sudo-shim
+    ];
+  };
+}