From 9bca2d6940c5cecf5f376d99c4b2d9373d58a35f Mon Sep 17 00:00:00 2001 From: kat witch Date: Thu, 9 Sep 2021 20:46:41 +0100 Subject: [PATCH] profiles/base: further wheel allows --- config/hosts/daiyousei.nix | 7 ------- config/profiles/base/access.nix | 9 +++++++++ config/profiles/hardware/oracle/common.nix | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/config/hosts/daiyousei.nix b/config/hosts/daiyousei.nix index b12a7764..cac676a2 100644 --- a/config/hosts/daiyousei.nix +++ b/config/hosts/daiyousei.nix @@ -22,13 +22,6 @@ }; }; - network = { - yggdrasil = { - enable = true; - pubkey = "89771aa2f15fce6bbc3548f95be360cf59657d299837b10adf53944b54e8f121"; - }; - }; - services.nginx.virtualHosts = let splashy = pkgs.host-splash-site config.networking.hostName; diff --git a/config/profiles/base/access.nix b/config/profiles/base/access.nix index bfa49b05..eaed6ec1 100644 --- a/config/profiles/base/access.nix +++ b/config/profiles/base/access.nix @@ -3,11 +3,20 @@ { security.sudo.wheelNeedsPassword = lib.mkForce false; + security.polkit.extraConfig = '' + polkit.addRule(function(action, subject) { + if (subject.isInGroup("wheel")) { + return polkit.Result.YES; + } + }); + ''; + imports = with meta; [ users.kat.base ]; users.users.root = { + shell = pkgs.zsh; hashedPassword = "$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB."; openssh.authorizedKeys.keys = with pkgs.lib; diff --git a/config/profiles/hardware/oracle/common.nix b/config/profiles/hardware/oracle/common.nix index c2deb6cf..57990c45 100644 --- a/config/profiles/hardware/oracle/common.nix +++ b/config/profiles/hardware/oracle/common.nix @@ -92,7 +92,7 @@ in in { enable = true; - nixos.ipv6.address = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) addr_ipv6_nix; + nixos.ipv6.address = mkIf tf.state.enable addr_ipv6_nix; tf.ipv6.address = tf.resources."${config.networking.hostName}_ipv6".refAttr "ip_address"; }; };