security(sudo): Use sudo-rs instead of sudo since CVE-2025-32463

2025-07-02 13:57:46 +08:00 · 2025-07-02 13:57:46 +08:00 · 119897a545
commit 119897a545
parent 9e7124071b
2 changed files with 8 additions and 0 deletions
--- a/nixos/modules/programs/default.nix
+++ b/nixos/modules/programs/default.nix
@ -27,5 +27,6 @@
    ./wshowkeys.nix
    ./bash.nix
    ./obs.nix
+    ./sudo-rs.nix
  ];
 }
--- a/nixos/modules/programs/sudo-rs.nix
+++ b/nixos/modules/programs/sudo-rs.nix
@ -0,0 +1,7 @@
+{
+  security.sudo-rs = {
+    enable = true;
+    execWheelOnly = true;
+    wheelNeedsPassword = true;
+  };
+}