modules/doas.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

{ config, pkgs, ... }:
{
  security.sudo.enable = false;
  security.doas = {
    enable = true;
    wheelNeedsPassword = false;
    extraRules = [{
      groups = [ "wheel" ];
      noPass = true;
      # keepEnv = true;
      # I need to set NIX_PATH explicitly, since my user and root use different paths
      setEnv = [ "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels" ];
    }];
  };
  environment.shellAliases = {
    sudo = "doas";
  };
  environment.systemPackages = [
    (pkgs.linkFarm "sudo" [ {
      name = "bin/sudo";
      path = "${config.security.wrapperDir}/doas";
    }])
  ];
}