From 34ba9c0f550dc3080f0a8c5e1c5fb5955bc1b445 Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy <dmitriy@pleshevski.ru>
Date: Sun, 29 Sep 2024 17:07:33 +0300
Subject: [PATCH] Revert "modules: improve settings to configure nopasswd
 commands"

This reverts commit a501f2ea16b66fea82f3fb58f951d34787a8458d.
---
 modules/machine.nix                               | 10 ++++++++++
 modules/nixos/configs/default.nix                 |  1 -
 modules/nixos/programs/browsers/default.nix       |  2 --
 modules/nixos/programs/communication/skype.nix    |  2 --
 modules/nixos/programs/communication/telegram.nix |  2 --
 5 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/modules/machine.nix b/modules/machine.nix
index 6a56c2b..70d53ce 100644
--- a/modules/machine.nix
+++ b/modules/machine.nix
@@ -36,4 +36,14 @@
   local.programs.pass.enable = lib.mkDefault true;
 
   local.programs.browsers.librewolf.enable = lib.mkDefault true;
+
+  security.sudo.extraRules = [{
+    commands = [
+      {
+        command = "/run/current-system/sw/bin/nixos-container";
+        options = [ "NOPASSWD" ];
+      }
+    ];
+    groups = [ "wheel" ];
+  }];
 }
diff --git a/modules/nixos/configs/default.nix b/modules/nixos/configs/default.nix
index 8babd5c..29c173d 100644
--- a/modules/nixos/configs/default.nix
+++ b/modules/nixos/configs/default.nix
@@ -5,7 +5,6 @@
     ./fonts.nix
     ./keyboard.nix
     ./nix.nix
-    ./security.nix
     ./sound.nix
     ./system.nix
     ./yubikey.nix
diff --git a/modules/nixos/programs/browsers/default.nix b/modules/nixos/programs/browsers/default.nix
index 9dfeb0f..69cdd30 100644
--- a/modules/nixos/programs/browsers/default.nix
+++ b/modules/nixos/programs/browsers/default.nix
@@ -39,8 +39,6 @@ in
   config = lib.mkIf isEnable {
     environment.systemPackages = hostPackages;
 
-    local.security.sudo.nopasswd = [{ commands = hostPackages; }];
-
     local.sound.systemWide = true;
 
     containers.browsers = {
diff --git a/modules/nixos/programs/communication/skype.nix b/modules/nixos/programs/communication/skype.nix
index 77a1743..c6b6f8e 100644
--- a/modules/nixos/programs/communication/skype.nix
+++ b/modules/nixos/programs/communication/skype.nix
@@ -27,8 +27,6 @@ in
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ hostSkype ];
 
-    local.security.sudo.nopasswd = [{ commands = [ hostSkype ]; }];
-
     local.sound.systemWide = true;
 
     containers.skype = {
diff --git a/modules/nixos/programs/communication/telegram.nix b/modules/nixos/programs/communication/telegram.nix
index 644b9fb..b89df54 100644
--- a/modules/nixos/programs/communication/telegram.nix
+++ b/modules/nixos/programs/communication/telegram.nix
@@ -27,8 +27,6 @@ in
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ hostTelegram ];
 
-    local.security.sudo.nopasswd = [{ commands = [ hostTelegram ]; }];
-
     local.sound.systemWide = true;
 
     containers.telegram = {