Dont allow passwordless sudo on work host :)

2 files changed, 4 insertions, 3 deletions

diff --git a/configuration/core/users.nix b/configuration/core/users.nix
index ec12a9f..b1a30ed 100644
--- a/configuration/core/users.nix
+++ b/configuration/core/users.nix
@@ -2,8 +2,8 @@
 {
   programs.zsh.enable = true;
 
-  security.sudo.execWheelOnly = true;
-  security.sudo.wheelNeedsPassword = false;
+  security.sudo.execWheelOnly = lib.mkDefault true;
+  security.sudo.wheelNeedsPassword = lib.mkDefault false;
 
   users.users.jras = {
     createHome = true;
diff --git a/configuration/work/default.nix b/configuration/work/default.nix
index 322f5bf..5c94b84 100644
--- a/configuration/work/default.nix
+++ b/configuration/work/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 {
   imports = [
     ../core
@@ -13,6 +13,7 @@
   system.stateVersion = "24.05"; # Do NOT change before reading configuration.nix
 
   users.users.jras.extraGroups = [ "networkmanager" "docker" ];
+  security.sudo.wheelNeedsPassword = lib.mkForce true;
 
   time.timeZone = "Europe/Amsterdam";