21 lines
386 B
Nix
21 lines
386 B
Nix
let
|
|
commandsWithoutPassword = [
|
|
"/run/current-system/sw/bin/systemctl restart tor.service"
|
|
];
|
|
in
|
|
{
|
|
security.sudo = {
|
|
execWheelOnly = true;
|
|
extraRules = [
|
|
{
|
|
groups = [ "wheel" ];
|
|
commands = map
|
|
(cmd: {
|
|
command = cmd;
|
|
options = [ "NOPASSWD" ];
|
|
})
|
|
commandsWithoutPassword;
|
|
}
|
|
];
|
|
};
|
|
}
|