{ ... }: { security.sudo-rs = { enable = true; extraRules = [ { # Admin gets certain commands groups = [ "admin" ]; commands = [ "/run/current-system/sw/bin/nix" "/run/current-system/sw/bin/nh" "/run/current-system/sw/bin/nixos-rebuild" "/run/current-system/sw/bin/nixos-enter" "/run/current-system/sw/bin/nix-collect-garbage" "/run/current-system/sw/bin/nix-store" "/run/current-system/sw/bin/systemctl" "/run/current-system/sw/bin/pkill" "/run/current-system/sw/bin/dd" "/run/current-system/sw/bin/eject" "/run/current-system/sw/bin/vgchange" "/run/current-system/sw/bin/cp" "/run/current-system/sw/bin/ls" "/run/current-system/sw/bin/cat" "/run/current-system/sw/bin/mount" ]; } ]; }; }