From 0623dd11e1ec4ac9a9d873615b1564d6a0ac0683 Mon Sep 17 00:00:00 2001
From: Gerg-L <GregLeyda@proton.me>
Date: Wed, 11 Dec 2024 20:14:54 -0500
Subject: [PATCH] shell.nix: split sudo/run0 to security.nix

fix run0 pam auth
---
 modules/security.nix | 22 ++++++++++++++++++++++
 modules/shell.nix    | 13 -------------
 2 files changed, 22 insertions(+), 13 deletions(-)
 create mode 100644 modules/security.nix

diff --git a/modules/security.nix b/modules/security.nix
new file mode 100644
index 0000000..49e74e0
--- /dev/null
+++ b/modules/security.nix
@@ -0,0 +1,22 @@
+{
+  environment.shellAliases = {
+    sudo = "sudo ";
+    #make run0 use aliases
+    run0 = "run0 --background='' ";
+    s = "run0";
+  };
+  security = {
+    sudo = {
+      execWheelOnly = true;
+      extraConfig = ''
+        Defaults timestamp_timeout=1
+        Defaults env_keep += "EDITOR VISUAL PAGER SYSTEMD_PAGERSECURE MANPAGER"
+        Defaults lecture = never
+      '';
+    };
+    pam.services.systemd-run0 = {
+      setEnvironment = true;
+      pamMount = false;
+    };
+  };
+}
diff --git a/modules/shell.nix b/modules/shell.nix
index 66799e7..fec62c2 100644
--- a/modules/shell.nix
+++ b/modules/shell.nix
@@ -18,10 +18,6 @@
       MANPAGER = "page -t man";
     };
     shellAliases = {
-      sudo = "sudo ";
-      #make run0 use aliases
-      run0 = "run0 --background='' ";
-      s = "run0";
       #paste link trick
       pastebin = "curl -F 'clbin=<-' https://clbin.com";
       termbin = "nc termbin.com 9999";
@@ -45,15 +41,6 @@
     interactiveShellInit = "fetch-rs";
   };
 
-  security.sudo = {
-    execWheelOnly = true;
-    extraConfig = ''
-      Defaults timestamp_timeout=1
-      Defaults env_keep += "EDITOR VISUAL PAGER SYSTEMD_PAGERSECURE MANPAGER"
-      Defaults lecture = never
-    '';
-  };
-
   #zsh stuff
   users.defaultUserShell = pkgs.zsh;
   programs = {