NixOS-Config/modules/system/programs/security/privilege/default.nix

32 lines
895 B
Nix

{ ... }:
{
security.sudo-rs = {
enable = true;
extraRules = [
{ # Admin gets certain commands
groups = [ "admin" ];
commands = [
"/run/current-system/sw/bin/nix"
"/run/current-system/sw/bin/nh"
"/run/current-system/sw/bin/nixos-rebuild"
"/run/current-system/sw/bin/nixos-enter"
"/run/current-system/sw/bin/nix-collect-garbage"
"/run/current-system/sw/bin/nix-store"
"/run/current-system/sw/bin/systemctl"
"/run/current-system/sw/bin/pkill"
"/run/current-system/sw/bin/dd"
"/run/current-system/sw/bin/eject"
"/run/current-system/sw/bin/vgchange"
"/run/current-system/sw/bin/cp"
"/run/current-system/sw/bin/ls"
"/run/current-system/sw/bin/cat"
"/run/current-system/sw/bin/mount"
];
}
];
};
}