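# Host security module: doas privilege escalation, polkit, console locking
# (physlock) and sops-nix secret provisioning.
{config, ...}: {
  security.doas = {
    enable = true;
    extraRules = [
      # wheel members may run any command as root after authenticating.
      # `persist` makes doas skip the password prompt for a while after a
      # successful authentication.
      {
        groups = ["wheel"];
        persist = true;
      }
      # Passwordless journalctl for wheel. doas uses the last matching rule,
      # so this entry overrides the one above for journalctl only.
      #
      # There is no `args` restriction, so the rule covers every journalctl
      # invocation, including the maintenance options that rotate or vacuum
      # the journal. Any process running as a wheel member can therefore
      # alter log retention without a password.
      # NOTE(review): if the goal is only to read logs, membership in the
      # systemd-journal group grants that without going through root at all.
      {
        groups = ["wheel"];
        noPass = true;
        cmd = "journalctl";
        # journalctl pipes its output through a pager, and an interactive
        # pager running as root is more than read-only log access. Force the
        # pager's secure mode instead of relying on systemd's auto-detection.
        setEnv = ["SYSTEMD_PAGERSECURE=1"];
      }
    ];
  };

  security.polkit.enable = true;

  services.physlock = {
    enable = true;
    # Per the NixOS option description this installs a setuid wrapper so that
    # non-root users can start physlock; accepted here as a trade-off.
    allowAnyUser = true;
  };

  sops.defaultSopsFile = ../secrets/secrets.yaml;
  sops.defaultSopsFormat = "yaml";
  # NOTE(review): this age key decrypts every secret below, including the root
  # password hash, yet it lives in a user's home directory where anything
  # running as that user can read it. It must also be readable when secrets
  # needed for user creation are decrypted early in activation; confirm /home
  # is available at that point, or move the key to a root-only location.
  sops.age.keyFile = "/home/ahnwuoa/.config/sops/age/keys.txt";

  sops.secrets = {
    # NOTE(review): if `passwd` backs a users.users.<name>.hashedPasswordFile
    # elsewhere in the configuration, it needs `neededForUsers = true` as well.
    passwd = {};
    # Consumed by users.users.root.hashedPasswordFile below. sops-nix must
    # decrypt it before NixOS creates users, otherwise the file does not exist
    # yet when the root password is applied. `.path` then resolves to the
    # early-decryption location automatically.
    root-passwd = {
      neededForUsers = true;
    };
    # Decrypted file is owned by uid 1000 (presumably the primary user; verify).
    pool-credentials = {
      uid = 1000;
    };
    porkbun-credentials = {};
  };

  users.users.root.hashedPasswordFile = config.sops.secrets.root-passwd.path;
}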