32 lines
895 B
Nix
32 lines
895 B
Nix
{ ... }:
|
|
{
|
|
security.sudo-rs = {
|
|
enable = true;
|
|
extraRules = [
|
|
{ # Admin gets certain commands
|
|
groups = [ "admin" ];
|
|
commands = [
|
|
"/run/current-system/sw/bin/nix"
|
|
"/run/current-system/sw/bin/nh"
|
|
"/run/current-system/sw/bin/nixos-rebuild"
|
|
"/run/current-system/sw/bin/nixos-enter"
|
|
"/run/current-system/sw/bin/nix-collect-garbage"
|
|
"/run/current-system/sw/bin/nix-store"
|
|
|
|
"/run/current-system/sw/bin/systemctl"
|
|
"/run/current-system/sw/bin/pkill"
|
|
|
|
"/run/current-system/sw/bin/dd"
|
|
"/run/current-system/sw/bin/eject"
|
|
"/run/current-system/sw/bin/vgchange"
|
|
|
|
"/run/current-system/sw/bin/cp"
|
|
"/run/current-system/sw/bin/ls"
|
|
"/run/current-system/sw/bin/cat"
|
|
"/run/current-system/sw/bin/mount"
|
|
];
|
|
}
|
|
];
|
|
};
|
|
}
|