shell.nix: split sudo/run0 to security.nix

fix run0 pam auth
2025-12-10 00:43:56 -05:00 · 2024-12-11 20:14:54 -05:00 · 2024-12-11 20:14:54 -05:00 · 0623dd11e1
commit 0623dd11e1
parent 4590349ac2
2 changed files with 22 additions and 13 deletions
--- a/modules/security.nix
+++ b/modules/security.nix
@ -0,0 +1,22 @@
+{
+  environment.shellAliases = {
+    sudo = "sudo ";
+    #make run0 use aliases
+    run0 = "run0 --background='' ";
+    s = "run0";
+  };
+  security = {
+    sudo = {
+      execWheelOnly = true;
+      extraConfig = ''
+        Defaults timestamp_timeout=1
+        Defaults env_keep += "EDITOR VISUAL PAGER SYSTEMD_PAGERSECURE MANPAGER"
+        Defaults lecture = never
+      '';
+    };
+    pam.services.systemd-run0 = {
+      setEnvironment = true;
+      pamMount = false;
+    };
+  };
+}
--- a/modules/shell.nix
+++ b/modules/shell.nix
@ -18,10 +18,6 @@
      MANPAGER = "page -t man";
    };
    shellAliases = {
-      sudo = "sudo ";
-      #make run0 use aliases
-      run0 = "run0 --background='' ";
-      s = "run0";
      #paste link trick
      pastebin = "curl -F 'clbin=<-' https://clbin.com";
      termbin = "nc termbin.com 9999";
@ -45,15 +41,6 @@
    interactiveShellInit = "fetch-rs";
  };

-  security.sudo = {
-    execWheelOnly = true;
-    extraConfig = ''
-      Defaults timestamp_timeout=1
-      Defaults env_keep += "EDITOR VISUAL PAGER SYSTEMD_PAGERSECURE MANPAGER"
-      Defaults lecture = never
-    '';
-  };
-
  #zsh stuff
  users.defaultUserShell = pkgs.zsh;
  programs = {