From fd85a0ca47a0dc52c1eacc28806a682d95e056ee Mon Sep 17 00:00:00 2001
From: ulic-youthlic
Date: Wed, 2 Jul 2025 13:57:46 +0800
Subject: [PATCH] security(sudo): Use sudo-rs instead of sudo since CVE-2025-32463

---
 nixos/modules/programs/default.nix | 1 +
 nixos/modules/programs/sudo-rs.nix | 7 +++++++
 2 files changed, 8 insertions(+)
 create mode 100644 nixos/modules/programs/sudo-rs.nix

diff --git a/nixos/modules/programs/default.nix b/nixos/modules/programs/default.nix
index 62986ad..b07ed8c 100644
--- a/nixos/modules/programs/default.nix
+++ b/nixos/modules/programs/default.nix
@@ -27,5 +27,6 @@
 ./wshowkeys.nix
 ./bash.nix
 ./obs.nix
+ ./sudo-rs.nix
 ];
 }
diff --git a/nixos/modules/programs/sudo-rs.nix b/nixos/modules/programs/sudo-rs.nix
new file mode 100644
index 0000000..e76a13a
--- /dev/null
+++ b/nixos/modules/programs/sudo-rs.nix
@@ -0,0 +1,7 @@
+{
+ security.sudo-rs = {
+ enable = true;
+ execWheelOnly = true;
+ wheelNeedsPassword = true;
+ };
+}
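Review bot: The new `sudo-rs.nix` only enables `security.sudo-rs` and never turns the original sudo off, so whether the setuid `sudo` wrapper this commit is meant to retire actually disappears depends on defaults in the pinned nixpkgs module, which are not visible here. Adding `security.sudo.enable = false;` alongside the `security.sudo-rs` attribute set would pin that intent and make evaluation fail loudly if another module re-enables sudo. If anything elsewhere in this configuration sets `security.sudo.extraRules` or `security.sudo.extraConfig`, those settings presumably stop applying after the switch and would need porting to the `security.sudo-rs` options. A header comment such as `# sudo replaced by sudo-rs because of CVE-2025-32463; revisit once the pinned nixpkgs ships a fixed sudo` would record why the module exists.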