chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove sudo

Browse source
This commit is contained in:
Charlotte Van Petegem 2021-01-27 16:57:07 +01:00
parent ef572c20bc
commit ad71bb0318
No known key found for this signature in database
GPG key ID: 019E764B7184435A
5 changed files with 27 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
containers/data-access/config.nix
View file

@ -11,6 +11,7 @@
uid = 1000; uid = 1000;
group = "users"; group = "users";
}; };
security.sudo.enable = false;
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = "no"; permitRootLogin = "no";

8
modules/accentor.nix
View file

@ -70,6 +70,14 @@ in
'') '')
]; ];
security.doas.extraRules = [{
users = [ "charlotte" ];
noPass = true;
cmd = "accentor-console";
runAs = "accentor";
setEnv = [ "RAILS_MASTER_KEY" ];
}];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";

15
modules/default.nix
View file

@ -89,6 +89,19 @@
externalInterface = "eno3"; externalInterface = "eno3";
}; };
security.sudo.enable = false;
security.doas = {
enable = true;
extraRules = [
{
users = [ "charlotte" ];
noPass = true;
cmd = "nix-collect-garbage";
runAs = "root";
}
];
};
users = { users = {
mutableUsers = false; mutableUsers = false;
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
@ -97,7 +110,7 @@
isNormalUser = true; isNormalUser = true;
home = "/home/charlotte"; home = "/home/charlotte";
description = "Charlotte Van Petegem"; description = "Charlotte Van Petegem";
extraGroups = [ "wheel" "systemd-journal" ] ++ lib.optionals config.chvp.graphical [ "input" "video" ]; extraGroups = [ "systemd-journal" ] ++ lib.optionals config.chvp.graphical [ "input" "video" ];
}; };
}; };
}; };

5
modules/zsh.nix
View file

@ -30,7 +30,6 @@
"extract" "extract"
"history-substring-search" "history-substring-search"
"git" "git"
"sudo"
"systemd" "systemd"
"tmux" "tmux"
]; ];
@ -50,8 +49,8 @@
}); });
in in
lib.mkIf config.chvp.zsh.enable { lib.mkIf config.chvp.zsh.enable {
chvp.zfs.systemLinks = [ { path = "/root/.local/share/autojump"; type = "cache"; } ]; chvp.zfs.systemLinks = [{ path = "/root/.local/share/autojump"; type = "cache"; }];
chvp.zfs.homeLinks = [ { path = ".local/share/autojump"; type = "cache"; } ]; chvp.zfs.homeLinks = [{ path = ".local/share/autojump"; type = "cache"; }];
home-manager.users.charlotte = { ... }: (base "/home/charlotte"); home-manager.users.charlotte = { ... }: (base "/home/charlotte");
home-manager.users.root = { ... }: (base "/root"); home-manager.users.root = { ... }: (base "/root");
}; };

4
update.sh
View file

@ -15,7 +15,7 @@ nix flake update --recreate-lock-file
if [ -z "${OVERRIDE:-}" ] if [ -z "${OVERRIDE:-}" ]
then then
sudo nixos-rebuild --flake . switch su -c "nixos-rebuild --flake . switch"
else else
sudo nixos-rebuild --flake . --override-input nixpkgs ../nixpkgs --no-write-lock-file switch su -c "nixos-rebuild --flake . --override-input nixpkgs ../nixpkgs --no-write-lock-file switch"
fi fi