global/security: replace ssh agent auth with passwordless sudo

2024-04-28 19:12:49 -04:00 · 2024-04-28 19:12:49 -04:00 · 180bcfa3ff
commit 180bcfa3ff
parent 001068b1f0
1 changed files with 1 additions and 5 deletions
--- a/modules/global/security.nix
+++ b/modules/global/security.nix
@ -3,6 +3,7 @@ with lib;
 {
  # Security settings based on https://github.com/hlissner/dotfiles/blob/master/modules/security.nix
  security = {
+    sudo.wheelNeedsPassword = false;
    sudo.extraConfig = ''
      Defaults lecture=never
    '';
@ -14,11 +15,6 @@ with lib;
        environmentFile = config.secrets.cloudflare;
      };
    };
-
-    pam.sshAgentAuth = {
-      enable = true;
-      authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
-    };
  };

  hardware = {