Doas: Difference between revisions
Add language bar |
Include git in Configuration codeblock for easy skimming. Adds boilerplate to add the pkgs reference, and formats sudo to be above doas for easier reading since both doas and sudo are 4 characters long. |
||
| Line 21: | Line 21: | ||
<translate> | <translate> | ||
<!--T:6--> | <!--T:6--> | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix">{ pkgs, ... }: { | ||
security. | security.sudo.enable = false; | ||
security. | |||
security.doas.extraRules = [{ | security.doas.enable = true; | ||
security.doas.extraRules = [{ | |||
users = ["foo"]; | |||
# Optional, retains environment variables while running commands | |||
# e.g. retains your NIX_PATH when applying your config | |||
keepEnv = true; | |||
}]; | persist = true; # Optional, don't ask for the password for some time, after a successfully authentication | ||
</syntaxhighlight> | }]; | ||
# If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds | |||
environment.systemPackages = [ pkgs.git ]; | |||
}</syntaxhighlight> | |||
</translate> | </translate> | ||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Security]] | [[Category:Security]] | ||
Revision as of 21:30, 20 October 2025
doas is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity. It is not recommended to use doas due to compatibility issues with sudo. Flake based configurations require git to be installed as a system package in order to rebuild.
Configuration
The following configuration will give the user foo the ability to execute commands as the super user via doas, while disabling the sudo command.
{ pkgs, ... }: {
security.sudo.enable = false;
security.doas.enable = true;
security.doas.extraRules = [{
users = ["foo"];
# Optional, retains environment variables while running commands
# e.g. retains your NIX_PATH when applying your config
keepEnv = true;
persist = true; # Optional, don't ask for the password for some time, after a successfully authentication
}];
# If using a flakes-based configuration, you'll need `git` in your system packages for system rebuilds
environment.systemPackages = [ pkgs.git ];
}