From 1f2a2a706d02faa0d898ca26b32c71be76fb373e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laure=CE=B7t?= <laurent@fainsin.bzh>
Date: Fri, 23 Dec 2022 15:28:14 +0100
Subject: [PATCH] feat: restrict nix commands to sudoers

---
 hosts/neodymium/configuration.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/neodymium/configuration.nix b/hosts/neodymium/configuration.nix
index c218105..a6392ec 100644
--- a/hosts/neodymium/configuration.nix
+++ b/hosts/neodymium/configuration.nix
@@ -26,6 +26,9 @@ in {
   # clean /tmp at each boot
   boot.cleanTmpDir = true;
 
+  # restrict nix command to sudoers
+  nix.allowedUsers = [ "@wheel" ];
+
   # hardware
   hardware = {
     enableRedistributableFirmware = true;