diff --git a/modules/security.nix b/modules/security.nix
new file mode 100644
index 0000000..49e74e0
--- /dev/null
+++ b/modules/security.nix
@@ -0,0 +1,22 @@
+{
+  environment.shellAliases = {
+    sudo = "sudo ";
+    #make run0 use aliases
+    run0 = "run0 --background='' ";
+    s = "run0";
+  };
+  security = {
+    sudo = {
+      execWheelOnly = true;
+      extraConfig = ''
+        Defaults timestamp_timeout=1
+        Defaults env_keep += "EDITOR VISUAL PAGER SYSTEMD_PAGERSECURE MANPAGER"
+        Defaults lecture = never
+      '';
+    };
+    pam.services.systemd-run0 = {
+      setEnvironment = true;
+      pamMount = false;
+    };
+  };
+}
diff --git a/modules/shell.nix b/modules/shell.nix
index 66799e7..fec62c2 100644
--- a/modules/shell.nix
+++ b/modules/shell.nix
@@ -18,10 +18,6 @@
       MANPAGER = "page -t man";
     };
     shellAliases = {
-      sudo = "sudo ";
-      #make run0 use aliases
-      run0 = "run0 --background='' ";
-      s = "run0";
       #paste link trick
       pastebin = "curl -F 'clbin=<-' https://clbin.com";
       termbin = "nc termbin.com 9999";
@@ -45,15 +41,6 @@
     interactiveShellInit = "fetch-rs";
   };
 
-  security.sudo = {
-    execWheelOnly = true;
-    extraConfig = ''
-      Defaults timestamp_timeout=1
-      Defaults env_keep += "EDITOR VISUAL PAGER SYSTEMD_PAGERSECURE MANPAGER"
-      Defaults lecture = never
-    '';
-  };
-
   #zsh stuff
   users.defaultUserShell = pkgs.zsh;
   programs = {