[nix] Rework doas config to use proper rules instead of config + add Gulasch
parent
f24d923980
commit
53ce197917
|
@ -50,11 +50,32 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
security.doas.enable = true;
|
security.doas.enable = true;
|
||||||
security.doas.extraConfig = "permit nopass bascht as root cmd /run/current-system/sw/bin/openvpn";
|
|
||||||
security.doas.extraRules = [{
|
security.doas.extraRules = [{
|
||||||
users = [ "bascht" ];
|
users = [ "bascht" ];
|
||||||
keepEnv = true;
|
keepEnv = true;
|
||||||
persist = true;
|
persist = true;
|
||||||
|
}{
|
||||||
|
users = [ "bascht" ];
|
||||||
|
keepEnv = true;
|
||||||
|
noPass = true;
|
||||||
|
cmd = "/run/current-system/sw/bin/openvpn";
|
||||||
|
}{
|
||||||
|
}{
|
||||||
|
users = [ "bascht" ];
|
||||||
|
keepEnv = true;
|
||||||
|
noPass = true;
|
||||||
|
cmd = "/run/current-system/sw/bin/cryptsetup";
|
||||||
|
}{
|
||||||
|
users = [ "bascht" ];
|
||||||
|
noPass = true;
|
||||||
|
cmd = "/run/current-system/sw/bin/cryptsetup";
|
||||||
|
args = ["luksOpen" "/dev/disk/by-partlabel/Gulasch" "Gulasch"];
|
||||||
|
}{
|
||||||
|
users = [ "bascht" ];
|
||||||
|
noPass = true;
|
||||||
|
cmd = "/run/wrappers/bin/mount";
|
||||||
|
args = ["/dev/mapper/Gulasch" "/mnt/Gulasch"];
|
||||||
}];
|
}];
|
||||||
security.pam.loginLimits = [
|
security.pam.loginLimits = [
|
||||||
{ domain = "@users"; item = "nofile"; type = "soft"; value = "4096"; }
|
{ domain = "@users"; item = "nofile"; type = "soft"; value = "4096"; }
|
||||||
|
|
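Review bot: The added rule with `noPass = true; keepEnv = true; cmd = "/run/current-system/sw/bin/cryptsetup";` and no `args` lets bascht run every cryptsetup invocation as root without a password, so the rule after it that pins `args = ["luksOpen" "/dev/disk/by-partlabel/Gulasch" "Gulasch"]` restricts nothing. Dropping the unrestricted rule would leave only the pinned luksOpen command passwordless; the two consecutive `}{` lines just before it also appear to form an empty rule that can go. The openvpn rule has the same shape: it has no `args` and now sets `keepEnv = true`, so an arbitrary command line and the caller's environment reach a root process without authentication, and openvpn's configuration can name helper programs that it runs itself. Consider pinning `args` there to the one invocation that is needed and removing `keepEnv` from the `noPass` rules. The enclosing configuration block starts above this hunk, so any rules defined elsewhere are not visible here.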