nixos/options/custom/settings/security.nix

{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.custom.settings.security;
in {
  options.custom.settings.security.enable = mkOption {default = false;};

  config = mkIf cfg.enable {
    # Bypass password prompts
    security = {
      sudo = {
        enable = true;
        wheelNeedsPassword = false;
      };

      # https://wiki.nixos.org/wiki/Sway#Using_Home_Manager
      # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
      polkit = {
        enable = true;
        extraConfig = ''
          polkit.addRule(function(action, subject) {
            if (subject.isInGroup("wheel")) { return polkit.Result.YES; }
          });
        '';
      };
    };

    environment.shellAliases = {
      # Sudo confirmation prompt
      sudo = pkgs.writeShellScript "sudo" ''
        read -p "Execute as root? [Y/n] "

        case "$REPLY" in
          "" | [Yy])
            command sudo "$@"
            ;;
          *)
            exit 1
            ;;
        esac
      '';
    };
  };
}
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`{`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`config,`
			`lib,`
sudo: add confirmation prompt Signed-off-by: Myned <dev@bjork.tech> 2024-12-07 01:44:03 +00:00			`pkgs,`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`...`
			`}:`
			`with lib; let`
			`cfg = config.custom.settings.security;`
			`in {`
			`options.custom.settings.security.enable = mkOption {default = false;};`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00
			`config = mkIf cfg.enable {`
			`# Bypass password prompts`
			`security = {`
sudo: explicitly enable module Signed-off-by: Myned <dev@bjork.tech> 2024-12-23 18:02:31 +00:00			`sudo = {`
			`enable = true;`
			`wheelNeedsPassword = false;`
			`};`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00
			`# https://wiki.nixos.org/wiki/Sway#Using_Home_Manager`
sudo: explicitly enable module Signed-off-by: Myned <dev@bjork.tech> 2024-12-23 18:02:31 +00:00			`# https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`polkit = {`
			`enable = true;`
			`extraConfig = ''`
			`polkit.addRule(function(action, subject) {`
			`if (subject.isInGroup("wheel")) { return polkit.Result.YES; }`
			`});`
			`'';`
			`};`
			`};`
sudo: add confirmation prompt Signed-off-by: Myned <dev@bjork.tech> 2024-12-07 01:44:03 +00:00
			`environment.shellAliases = {`
			`# Sudo confirmation prompt`
			`sudo = pkgs.writeShellScript "sudo" ''`
			`read -p "Execute as root? [Y/n] "`

			`case "$REPLY" in`
			`"" \| [Yy])`
			`command sudo "$@"`
			`;;`
			`*)`
			`exit 1`
			`;;`
			`esac`
			`'';`
			`};`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`};`
			`}`