christoph/flake-nixinator
1
Fork 0
Code Activity

security + sudo rules

Browse Source
This commit is contained in:
Christoph Urlacher
2022-08-08 01:54:40 +02:00
parent 9de7939cd4
commit ebc47164a1
1 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
nixos/configuration.nix
View File

@ -62,7 +62,29 @@
tmpOnTmpfs = true; tmpOnTmpfs = true;
}; };
security.protectKernelImage = true; security = {
protectKernelImage = true;
rtkit.enable = true;
polkit.enable = true;
sudo.enable = true;
sudo.extraRules = [
{
users = [ "christoph" ];
commands = [
{
command = "/etc/profiles/per-user/christoph/bin/gamemoderun";
options = [ "SETENV" "NOPASSWD" ];
}
# We allow running flatpak without password so flatpaks can be installed from the hm config (needs sudo)
{
command = "/run/current-system/sw/bin/flatpak";
options = [ "SETENV" "NOPASSWD" ];
}
];
}
];
};
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -154,7 +176,6 @@
# Enable sound with pipewire. # Enable sound with pipewire.
sound.enable = true; sound.enable = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
@ -289,7 +310,6 @@
autoPrune.enable = true; autoPrune.enable = true;
}; };
security.polkit.enable = true;
virtualisation.libvirtd = { enable = true; }; virtualisation.libvirtd = { enable = true; };
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default