mirror of
https://github.com/Ahwxorg/nixos-config.git
synced 2025-12-04 15:00:13 +01:00
58 lines
1.6 KiB
Nix
58 lines
1.6 KiB
Nix
{
|
|
pkgs,
|
|
lib,
|
|
username,
|
|
...
|
|
}:
|
|
{
|
|
security = {
|
|
rtkit.enable = true;
|
|
pam.services.swaylock = { };
|
|
auditd.enable = true;
|
|
audit = {
|
|
enable = true;
|
|
rules = [
|
|
"-a exit,always -F arch=b64 -S execve"
|
|
];
|
|
};
|
|
|
|
sudo = {
|
|
enable = true;
|
|
execWheelOnly = true;
|
|
extraRules = [
|
|
{
|
|
groups = [ "wheel" ];
|
|
commands = [
|
|
{
|
|
command = "/etc/profiles/per-user/liv/bin/systemctl";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
{
|
|
command = "/run/current-system/sw/bin/framework_tool --privacy";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
|
|
package = (pkgs.sudo.override { withInsults = false; }).overrideAttrs (old: {
|
|
postPatch =
|
|
(old.postPatch or "")
|
|
+ ''
|
|
substituteInPlace plugins/sudoers/logging.c \
|
|
--replace "This incident has been reported to the administrator." "o-oops, ${username} is in trouble" \
|
|
--replace "incorrect password attempts" "nuu silly, try again ~ >.< ~" \
|
|
--replace "incorrect password attempt" "nuu silly, try again ~ >.< ~" \
|
|
--replace "authentication failure" "oepsie woepsie alles is stukkie wukkie :3" \
|
|
--replace "a password is required" "no password? 😭\n"
|
|
'';
|
|
configureFlags =
|
|
(builtins.filter (x: !(lib.strings.hasPrefix x "--with-passprompt=")) old.configureFlags)
|
|
++ [
|
|
"--with-badpass-message=try again silly"
|
|
"--with-passprompt=is password for me? 🥺"
|
|
];
|
|
});
|
|
};
|
|
};
|
|
}
|