From 8cd339297baf46aba6f6d297bfd6f55a43f78731 Mon Sep 17 00:00:00 2001
From: "Wyatt J. Miller"
Date: Tue, 15 Apr 2025 19:51:21 -0400
Subject: [PATCH] added sudoers file, imported to common users
---
 modules/common/users.nix | 4 ++++
 modules/security/README.md | 3 +++
 modules/security/sudo.nix | 25 +++++++++++++++++++++++++
 3 files changed, 32 insertions(+)
 create mode 100644 modules/security/README.md
 create mode 100644 modules/security/sudo.nix
diff --git a/modules/common/users.nix b/modules/common/users.nix
index 5d65284..0051e3f 100644
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@@ -5,6 +5,10 @@
 hostname,
 ...
 } @ args: {
+ imports = [
+ ../security/sudo.nix
+ ];
+
 networking.hostName = hostname;
 # Don't forget to set a password with ‘passwd’!
diff --git a/modules/security/README.md b/modules/security/README.md
new file mode 100644
index 0000000..51e9735
--- /dev/null
+++ b/modules/security/README.md
@@ -0,0 +1,3 @@
+# Security modules
+
+These are modules relating to security and security-related programs
diff --git a/modules/security/sudo.nix b/modules/security/sudo.nix
new file mode 100644
index 0000000..9f0b04f
--- /dev/null
+++ b/modules/security/sudo.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; {
+ options = {
+ security.sudo = {
+ wheelNeedsPassword = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Whether users in the wheel group need to provide a password for sudo.";
+ };
+ };
+ };
+
+ config = {
+ environment.etc."sudoers.d/wheel-no-password" = mkIf (!config.security.sudo.wheelNeedsPassword) {
+ text = ''
+ %wheel ALL=(ALL) NOPASSWD: ALL
+ '';
+ # mode = "0440";
+ };
+ };
+}
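Review bot: In modules/security/sudo.nix the `options` block declares `security.sudo.wheelNeedsPassword`, which the stock NixOS sudo module already declares with the same default. If this configuration is evaluated as NixOS (the `networking.hostName` line in users.nix suggests it is), the duplicate declaration would be rejected at evaluation. The drop-in would also be redundant there, since upstream already emits the wheel rule into the generated sudoers. I would drop the `options` block and the `environment.etc."sudoers.d/wheel-no-password"` entry and, where a host needs a non-default value, just set `security.sudo.wheelNeedsPassword = true;` (or `false`) in its config. If the drop-in is kept for a target without that upstream module, restore the commented-out `mode = "0440";` so sudo sees a root-owned regular file rather than a store symlink, and confirm the main sudoers actually includes `/etc/sudoers.d`. A comment beside the option should state that `false` lets any process running as a wheel user become root without authentication.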