Add Hyprland, attempt generalization

2024-12-08 06:41:06 -05:00 · 2024-12-08 06:41:06 -05:00 · a0cc623c4b
commit a0cc623c4b
parent 590430f296
57 changed files with 634 additions and 385 deletions
--- a/modules/system/programs/desktops/default.nix
+++ b/modules/system/programs/desktops/default.nix
@ -3,7 +3,8 @@
  programs = {
    sway.enable = config.system.desktop.enable;
    niri.enable = config.system.desktop.enable;
-    xwayland.enable = false;
+    hyprland.enable = config.system.desktop.enable;
+    xwayland.enable = lib.mkForce true;
  };

  services.dbus.enable = config.system.desktop.enable;
--- a/modules/system/programs/security/default.nix
+++ b/modules/system/programs/security/default.nix
@ -2,8 +2,8 @@
 {
  imports = [
    ./apparmor
-    ./doas
    ./polkit
+    ./privilege
    ./rtprio
  ];
 }
--- a/modules/system/programs/security/doas/default.nix
+++ b/modules/system/programs/security/doas/default.nix
@ -1,16 +0,0 @@
-{ ... }:
-{
-  security = {
-    sudo.enable = false;
-    doas = {
-      enable = true;
-      extraRules = [
-        { # Give wheel root access
-          groups = [ "wheel" ];
-          keepEnv = true;
-          persist = true;
-        }
-      ];
-    };
-  };
-}
--- a/modules/system/programs/security/privilege/default.nix
+++ b/modules/system/programs/security/privilege/default.nix
@ -0,0 +1,31 @@
+{ ... }:
+{
+  security.sudo-rs = {
+    enable = true;
+    extraRules = [
+      { # Admin gets certain commands
+        groups = [ "admin" ];
+        commands = [
+          "/run/current-system/sw/bin/nix"
+          "/run/current-system/sw/bin/nh"
+          "/run/current-system/sw/bin/nixos-rebuild"
+          "/run/current-system/sw/bin/nixos-enter"
+          "/run/current-system/sw/bin/nix-collect-garbage"
+          "/run/current-system/sw/bin/nix-store"
+
+          "/run/current-system/sw/bin/systemctl"
+          "/run/current-system/sw/bin/pkill"
+
+          "/run/current-system/sw/bin/dd"
+          "/run/current-system/sw/bin/eject"
+          "/run/current-system/sw/bin/vgchange"
+
+          "/run/current-system/sw/bin/cp"
+          "/run/current-system/sw/bin/ls"
+          "/run/current-system/sw/bin/cat"
+          "/run/current-system/sw/bin/mount"
+        ];
+      }
+    ];
+  };
+}
--- a/modules/system/programs/security/privilege/default.nix~
+++ b/modules/system/programs/security/privilege/default.nix~
@ -0,0 +1,31 @@
+{ ... }:
+{
+  security.sudo-rs = {
+    enable = true;
+    extraRules = [
+      { # Admin gets certain commands
+        groups = [ "admin" ];
+        commands = [
+          "/run/current-system/sw/bin/nix"
+          "/run/current-system/sw/bin/nh"
+          "/run/current-system/sw/bin/nixos-rebuild"
+          "/run/current-system/sw/bin/nixos-enter"
+          "/run/current-system/sw/bin/nix-collect-garbage"
+          "/run/current-system/sw/bin/nix-store"
+
+          "/run/current-system/sw/bin/systemctl"
+          "/run/current-system/sw/bin/pkill"
+
+          "/run/current-system/sw/bin/dd"
+          "/run/current-system/sw/bin/eject"
+          "/run/current-system/sw/bin/vgchange"
+
+          "/run/current-system/sw/bin/cp"
+          "/run/current-system/sw/bin/ls"
+          "/run/current-system/sw/bin/cat"
+          "/run/current-system/sw/bin/mount"
+        ];
+      }
+    ];
+  };
+}