Remove sudo

modules/accentor.nix

@@ -70,6 +70,14 @@ in
       '')
     ];
 
+    security.doas.extraRules = [{
+      users = [ "charlotte" ];
+      noPass = true;
+      cmd = "accentor-console";
+      runAs = "accentor";
+      setEnv = [ "RAILS_MASTER_KEY" ];
+    }];
+
     services.postgresql = {
       enable = true;
       dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";

modules/default.nix

@@ -89,6 +89,19 @@
       externalInterface = "eno3";
     };
 
+    security.sudo.enable = false;
+    security.doas = {
+      enable = true;
+      extraRules = [
+        {
+          users = [ "charlotte" ];
+          noPass = true;
+          cmd = "nix-collect-garbage";
+          runAs = "root";
+        }
+      ];
+    };
+
     users = {
       mutableUsers = false;
       defaultUserShell = pkgs.zsh;
@@ -97,7 +110,7 @@
           isNormalUser = true;
           home = "/home/charlotte";
           description = "Charlotte Van Petegem";
-          extraGroups = [ "wheel" "systemd-journal" ] ++ lib.optionals config.chvp.graphical [ "input" "video" ];
+          extraGroups = [ "systemd-journal" ] ++ lib.optionals config.chvp.graphical [ "input" "video" ];
         };
       };
     };

modules/zsh.nix

@@ -30,7 +30,6 @@
               "extract"
               "history-substring-search"
               "git"
-              "sudo"
               "systemd"
               "tmux"
             ];
@@ -50,8 +49,8 @@
       });
     in
     lib.mkIf config.chvp.zsh.enable {
-      chvp.zfs.systemLinks = [ { path = "/root/.local/share/autojump"; type = "cache"; } ];
-      chvp.zfs.homeLinks = [ { path = ".local/share/autojump"; type = "cache"; } ];
+      chvp.zfs.systemLinks = [{ path = "/root/.local/share/autojump"; type = "cache"; }];
+      chvp.zfs.homeLinks = [{ path = ".local/share/autojump"; type = "cache"; }];
       home-manager.users.charlotte = { ... }: (base "/home/charlotte");
       home-manager.users.root = { ... }: (base "/root");
     };