
feat: Make option between doas and sudo

lwad 2024-03-22 21:05:58 +00:00
parent df6e95108d
commit 8476d21c6b
9 changed files with 44 additions and 50 deletions


@ -26,7 +26,6 @@
};
imports = [
../components/desktop-environment.nix
../components/programs/doas.nix
../lwad
./hardware-configuration.nix
];
@ -49,12 +48,8 @@
};
programs = {
bash.shellAliases = {
keyboard-leds = "${
if config.security.doas.enable then
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
else
"${pkgs.sudo}/bin/sudo"
} ${pkgs.g810-led}/bin/g810-led -a FF0000";
keyboard-leds =
"${config.lwad.definitions.sudoas.command} ${pkgs.g810-led}/bin/g810-led -a FF0000";
rdiff =
"rsync -nilrc --delete ryuko:Documents/ ~/Documents/ --exclude-from=/home/${config.lwad.definitions.username}/Documents/exclude";
};


@ -12,7 +12,10 @@
../components/desktop-environment.nix
../lwad
];
lwad.bootLoader.enable = false;
lwad = {
bootLoader.enable = false;
definitions.sudoas.variant = "sudo";
};
networking.hostName = "asuna";
programs = {
bash.shellAliases = let
@ -47,18 +50,13 @@
"glone" = "${gitAuth} clone";
"gull" = "${gitAuth} pull";
"gush" = "${gitAuth} push";
"ts" = "${
if config.security.doas.enable then
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
else
"${pkgs.sudo}/bin/sudo"
} tailscale up --auth-key 'file:/home/${config.lwad.definitions.username}/Documents/tskey'";
"ts" =
"${config.lwad.definitions.sudoas.command} tailscale up --auth-key 'file:/home/${config.lwad.definitions.username}/Documents/tskey'";
};
tmux.extraConfigBeforePlugins = ''
set-option -g status-right ""
'';
};
security.sudo.wheelNeedsPassword = false;
services = {
logrotate.enable = false;
unclutter-xfixes.enable = lib.mkForce false;
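Review bot: Choosing `definitions.sudoas.variant = "sudo"` on this host now also turns on passwordless sudo for wheel, and nothing in this file says so. The definitions module sets `security.sudo.wheelNeedsPassword` to false for that variant, and the explicit `security.sudo.wheelNeedsPassword = false;` line appears to be removed from this file (inferred from the hunk's line counts, since the +/- markers are lost). A comment beside the variant, such as `# implies security.sudo.wheelNeedsPassword = false (set by lwad.definitions)`, would keep the privilege decision visible where the host is configured. The module as shown offers no switch for a host that should keep the password prompt.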


@ -33,18 +33,13 @@
# Screenshot controls
bindsym $mod+t exec --no-startup-id ${
let
runPrivileged = if config.security.doas.enable then
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
else
"${pkgs.sudo}/bin/sudo";
in pkgs.writeScript "power_mode_changer.sh" ''
pkgs.writeScript "power_mode_changer.sh" ''
case "$(echo -e "bat\next" | ${pkgs.rofi}/bin/rofi -dmenu -p "Power Mode" -i)" in
battery)
${runPrivileged} ${pkgs.tlp}/bin/tlp bat
${config.lwad.definitions.sudoas.command} ${pkgs.tlp}/bin/tlp bat
;;
external)
${runPrivileged} ${pkgs.tlp}/bin/tlp ac
${config.lwad.definitions.sudoas.command} ${pkgs.tlp}/bin/tlp ac
;;
*)
exit 1
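Review bot: The rofi menu in `power_mode_changer.sh` offers `bat` and `ext`, but the `case` arms are `battery)` and `external)`, so picking either offered entry falls through to `*)` and `exit 1` without running the privileged `tlp` call. Either feed rofi the full words, `echo -e "battery\nexternal"`, or rename the arms to `bat)` and `ext)`. The script continues past the end of the hunk, so this is based on the visible lines only.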


@ -1,9 +0,0 @@
{ ... }:
{
security.doas = {
enable = true;
wheelNeedsPassword = false;
};
programs.bash.shellAliases.sudo = "doas";
}


@ -1,11 +1,6 @@
{ config, lib, pkgs, ... }:
let
runPrivileged = if config.security.doas.enable then
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
else
"${pkgs.sudo}/bin/sudo";
in {
{
environment.systemPackages = with pkgs;
[ # development
gnumake
@ -233,7 +228,7 @@ in {
shellAliases = {
base = ''cd "$(tmux list-panes -F "#{pane_start_path}" | head -n 1)"'';
calculator = "(cd && R --save --quiet)";
chvt = "${runPrivileged} ${pkgs.kbd}/bin/chvt";
chvt = "${config.lwad.definitions.sudoas.command} ${pkgs.kbd}/bin/chvt";
connected = ''
ssh scc230@shinobu 'users="" && for tmux_client in $(tmux list-clients | cut -d ":" -f 1 | cut -d "/" --complement -f 1,2); do if [ -n "$users" ]; then users+="@"; fi && users+="$(tailscale whois --json "$(last | rg "still logged in" | rg "$tmux_client" | tr -s " " | cut -d " " -f 3)" | jq -r ".UserProfile.DisplayName")"; done && echo "$users"' | tr "@" "\n" | sort -u
'';


@ -2,12 +2,7 @@
with lib; {
options.lwad.core.enable = mkEnableOption "core config";
config = let
cfg = config.lwad.core.enable;
runPrivileged = if config.security.doas.enable then
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
else
"${pkgs.sudo}/bin/sudo";
config = let cfg = config.lwad.core.enable;
in mkIf cfg {
console = {
keyMap = lib.mkForce "uk";
@ -90,9 +85,10 @@ with lib; {
cp = "cp -i";
n = "nvim";
nixos-status = "journalctl -xefu nixos-upgrade.service";
nixos-upgrade = "${runPrivileged} systemctl start nixos-upgrade.service";
nixos-upgrade =
"${config.lwad.definitions.sudoas.command} systemctl start nixos-upgrade.service";
nixos-upgrade-local =
"${runPrivileged} nixos-rebuild switch --no-write-lock-file --recreate-lock-file --flake /etc/nixos/#";
"${config.lwad.definitions.sudoas.command} nixos-rebuild switch --no-write-lock-file --recreate-lock-file --flake /etc/nixos/#";
};
services = {
fstrim = {


@ -1,4 +1,4 @@
{ lib, ... }:
{ config, lib, ... }:
with lib; {
options.lwad.definitions = {
@ -41,10 +41,36 @@ with lib; {
type = types.path;
};
};
sudoas = {
command = mkOption {
default = null;
description = "Either the sudo or doas command.";
type = types.str;
};
variant = mkOption {
default = "doas";
description = "Which of sudo or doas to use.";
type = types.enum [ "doas" "sudo" ];
};
};
username = mkOption {
default = "lukew";
description = "Username of the primary user.";
type = types.str;
};
};
config = let cfg = config.lwad.definitions.sudoas.variant;
in {
lwad.definitions.sudoas.command = if (cfg == "doas") then
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
else
"${pkgs.sudo}/bin/sudo";
security = {
doas = mkIf (cfg == "doas") {
enable = true;
wheelNeedsPassword = false;
};
sudo.wheelNeedsPassword = mkIf (cfg == "sudo") false;
};
};
}
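Review bot: The sudo branch of `sudoas.command` resolves to `${pkgs.sudo}/bin/sudo`, which is the store copy of the binary rather than the setuid wrapper, and `pkgs` is not in the module's argument set (`{ config, lib, ... }:`) unless it is bound in lines outside these hunks. A host that selects `variant = "sudo"` is therefore likely either to fail evaluation or to get a sudo that refuses to run. Mirroring the doas branch avoids both problems: `"${config.security.wrapperDir}/${config.security.wrappers.sudo.program}"`. Separately, `command` is a derived value with `default = null` under `types.str`; dropping the default and adding `readOnly = true;` would keep a host from accidentally overriding the path used for privileged commands.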


@ -27,7 +27,6 @@
};
imports = [
../components/desktop-environment.nix
../components/programs/doas.nix
../components/programs/kmscon.nix
../lwad
./hardware-configuration.nix


@ -8,7 +8,6 @@
};
imports = [
./hardware-configuration.nix
../components/programs/doas.nix
../components/programs/kmscon.nix
../components/server/ci.nix
../components/server/scc230.nix