feat: Make option between doas and sudo
This commit is contained in:
parent
df6e95108d
commit
8476d21c6b
|
@ -26,7 +26,6 @@
|
|||
};
|
||||
imports = [
|
||||
../components/desktop-environment.nix
|
||||
../components/programs/doas.nix
|
||||
../lwad
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
@ -49,12 +48,8 @@
|
|||
};
|
||||
programs = {
|
||||
bash.shellAliases = {
|
||||
keyboard-leds = "${
|
||||
if config.security.doas.enable then
|
||||
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
|
||||
else
|
||||
"${pkgs.sudo}/bin/sudo"
|
||||
} ${pkgs.g810-led}/bin/g810-led -a FF0000";
|
||||
keyboard-leds =
|
||||
"${config.lwad.definitions.sudoas.command} ${pkgs.g810-led}/bin/g810-led -a FF0000";
|
||||
rdiff =
|
||||
"rsync -nilrc --delete ryuko:Documents/ ~/Documents/ --exclude-from=/home/${config.lwad.definitions.username}/Documents/exclude";
|
||||
};
|
||||
|
|
|
@ -12,7 +12,10 @@
|
|||
../components/desktop-environment.nix
|
||||
../lwad
|
||||
];
|
||||
lwad.bootLoader.enable = false;
|
||||
lwad = {
|
||||
bootLoader.enable = false;
|
||||
definitions.sudoas.variant = "sudo";
|
||||
};
|
||||
networking.hostName = "asuna";
|
||||
programs = {
|
||||
bash.shellAliases = let
|
||||
|
@ -47,18 +50,13 @@
|
|||
"glone" = "${gitAuth} clone";
|
||||
"gull" = "${gitAuth} pull";
|
||||
"gush" = "${gitAuth} push";
|
||||
"ts" = "${
|
||||
if config.security.doas.enable then
|
||||
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
|
||||
else
|
||||
"${pkgs.sudo}/bin/sudo"
|
||||
} tailscale up --auth-key 'file:/home/${config.lwad.definitions.username}/Documents/tskey'";
|
||||
"ts" =
|
||||
"${config.lwad.definitions.sudoas.command} tailscale up --auth-key 'file:/home/${config.lwad.definitions.username}/Documents/tskey'";
|
||||
};
|
||||
tmux.extraConfigBeforePlugins = ''
|
||||
set-option -g status-right ""
|
||||
'';
|
||||
};
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
services = {
|
||||
logrotate.enable = false;
|
||||
unclutter-xfixes.enable = lib.mkForce false;
|
||||
|
|
|
@ -33,18 +33,13 @@
|
|||
|
||||
# Screenshot controls
|
||||
bindsym $mod+t exec --no-startup-id ${
|
||||
let
|
||||
runPrivileged = if config.security.doas.enable then
|
||||
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
|
||||
else
|
||||
"${pkgs.sudo}/bin/sudo";
|
||||
in pkgs.writeScript "power_mode_changer.sh" ''
|
||||
pkgs.writeScript "power_mode_changer.sh" ''
|
||||
case "$(echo -e "bat\next" | ${pkgs.rofi}/bin/rofi -dmenu -p "Power Mode" -i)" in
|
||||
battery)
|
||||
${runPrivileged} ${pkgs.tlp}/bin/tlp bat
|
||||
${config.lwad.definitions.sudoas.command} ${pkgs.tlp}/bin/tlp bat
|
||||
;;
|
||||
external)
|
||||
${runPrivileged} ${pkgs.tlp}/bin/tlp ac
|
||||
${config.lwad.definitions.sudoas.command} ${pkgs.tlp}/bin/tlp ac
|
||||
;;
|
||||
*)
|
||||
exit 1
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
security.doas = {
|
||||
enable = true;
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
programs.bash.shellAliases.sudo = "doas";
|
||||
}
|
|
@ -1,11 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
runPrivileged = if config.security.doas.enable then
|
||||
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
|
||||
else
|
||||
"${pkgs.sudo}/bin/sudo";
|
||||
in {
|
||||
{
|
||||
environment.systemPackages = with pkgs;
|
||||
[ # development
|
||||
gnumake
|
||||
|
@ -233,7 +228,7 @@ in {
|
|||
shellAliases = {
|
||||
base = ''cd "$(tmux list-panes -F "#{pane_start_path}" | head -n 1)"'';
|
||||
calculator = "(cd && R --save --quiet)";
|
||||
chvt = "${runPrivileged} ${pkgs.kbd}/bin/chvt";
|
||||
chvt = "${config.lwad.definitions.sudoas.command} ${pkgs.kbd}/bin/chvt";
|
||||
connected = ''
|
||||
ssh scc230@shinobu 'users="" && for tmux_client in $(tmux list-clients | cut -d ":" -f 1 | cut -d "/" --complement -f 1,2); do if [ -n "$users" ]; then users+="@"; fi && users+="$(tailscale whois --json "$(last | rg "still logged in" | rg "$tmux_client" | tr -s " " | cut -d " " -f 3)" | jq -r ".UserProfile.DisplayName")"; done && echo "$users"' | tr "@" "\n" | sort -u
|
||||
'';
|
||||
|
|
|
@ -2,12 +2,7 @@
|
|||
|
||||
with lib; {
|
||||
options.lwad.core.enable = mkEnableOption "core config";
|
||||
config = let
|
||||
cfg = config.lwad.core.enable;
|
||||
runPrivileged = if config.security.doas.enable then
|
||||
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
|
||||
else
|
||||
"${pkgs.sudo}/bin/sudo";
|
||||
config = let cfg = config.lwad.core.enable;
|
||||
in mkIf cfg {
|
||||
console = {
|
||||
keyMap = lib.mkForce "uk";
|
||||
|
@ -90,9 +85,10 @@ with lib; {
|
|||
cp = "cp -i";
|
||||
n = "nvim";
|
||||
nixos-status = "journalctl -xefu nixos-upgrade.service";
|
||||
nixos-upgrade = "${runPrivileged} systemctl start nixos-upgrade.service";
|
||||
nixos-upgrade =
|
||||
"${config.lwad.definitions.sudoas.command} systemctl start nixos-upgrade.service";
|
||||
nixos-upgrade-local =
|
||||
"${runPrivileged} nixos-rebuild switch --no-write-lock-file --recreate-lock-file --flake /etc/nixos/#";
|
||||
"${config.lwad.definitions.sudoas.command} nixos-rebuild switch --no-write-lock-file --recreate-lock-file --flake /etc/nixos/#";
|
||||
};
|
||||
services = {
|
||||
fstrim = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib; {
|
||||
options.lwad.definitions = {
|
||||
|
@ -41,10 +41,36 @@ with lib; {
|
|||
type = types.path;
|
||||
};
|
||||
};
|
||||
sudoas = {
|
||||
command = mkOption {
|
||||
default = null;
|
||||
description = "Either the sudo or doas command.";
|
||||
type = types.str;
|
||||
};
|
||||
variant = mkOption {
|
||||
default = "doas";
|
||||
description = "Which of sudo or doas to use.";
|
||||
type = types.enum [ "doas" "sudo" ];
|
||||
};
|
||||
};
|
||||
username = mkOption {
|
||||
default = "lukew";
|
||||
description = "Username of the primary user.";
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
config = let cfg = config.lwad.definitions.sudoas.variant;
|
||||
in {
|
||||
lwad.definitions.sudoas.command = if (cfg == "doas") then
|
||||
"${config.security.wrapperDir}/${config.security.wrappers.doas.program}"
|
||||
else
|
||||
"${pkgs.sudo}/bin/sudo";
|
||||
security = {
|
||||
doas = mkIf (cfg == "doas") {
|
||||
enable = true;
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
sudo.wheelNeedsPassword = mkIf (cfg == "sudo") false;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -27,7 +27,6 @@
|
|||
};
|
||||
imports = [
|
||||
../components/desktop-environment.nix
|
||||
../components/programs/doas.nix
|
||||
../components/programs/kmscon.nix
|
||||
../lwad
|
||||
./hardware-configuration.nix
|
||||
|
|
|
@ -8,7 +8,6 @@
|
|||
};
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../components/programs/doas.nix
|
||||
../components/programs/kmscon.nix
|
||||
../components/server/ci.nix
|
||||
../components/server/scc230.nix
|
||||
|
|
Loading…
Reference in New Issue