andy/linux-nixos-hyprland-config-dotfiles
Template
1
0
Fork 0
mirror of https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles.git synced 2025-09-15 09:45:58 +03:00
Code Activity

🔒 feat(security): replace sudo with sudo-rs

Browse Source 
- Enable `sudo-rs` with wheel-only execution
- Disable legacy `sudo`
- Update AppArmor and U2F configs for `sudo-rs`
- Update Yubikey U2F auth for `sudo-rs`
This commit is contained in:
xnm
2025-05-18 03:40:44 +03:00
parent 952fb7f7c1
commit 33aa287e12
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/security-services.nix
View File

@@ -10,6 +10,11 @@
# }; # };
# Enable Security Services # Enable Security Services
security.sudo-rs = {
enable = true;
execWheelOnly = true;
};
security.sudo.enable = false;
users.users.root.hashedPassword = "!"; users.users.root.hashedPassword = "!";
security.tpm2 = { security.tpm2 = {
enable = true; enable = true;
@@ -28,7 +33,7 @@
security.pam.services = { security.pam.services = {
login.enableAppArmor = true; login.enableAppArmor = true;
sshd.enableAppArmor = true; sshd.enableAppArmor = true;
sudo.enableAppArmor = true; sudo-rs.enableAppArmor = true;
su.enableAppArmor = true; su.enableAppArmor = true;
greetd.enableAppArmor = true; greetd.enableAppArmor = true;
u2f.enableAppArmor = true; u2f.enableAppArmor = true;

2
nixos/yubikey.nix
View File

@@ -14,7 +14,7 @@
security.pam.services = { security.pam.services = {
greetd.u2fAuth = true; greetd.u2fAuth = true;
sudo.u2fAuth = true; sudo-rs.u2fAuth = true;
hyprlock.u2fAuth = true; hyprlock.u2fAuth = true;
}; };