commit 68ab2952474e2bb66b38def95ad7324d667176e9
parent 9ea2ff18da47313775a5d39fd5e819ff59762d2f
Author: Toni Brown <me@tb148.net>
Date: Tue, 31 Mar 2026 11:46:16 +0800
replace sudo with run0
Diffstat:
4 files changed, 103 insertions(+), 21 deletions(-)
diff --git a/configuration.nix b/configuration.nix
@@ -5,6 +5,7 @@
config,
lib,
pkgs,
+ inputs,
...
}: {
imports = [
@@ -81,7 +82,7 @@
services.xserver.xkb.layout = "cn(altgr-pinyin)";
security.sudo.enable = false;
- security.sudo-rs.enable = true;
+ security.polkit.extraConfig = builtins.readFile ./polkit.js;
catppuccin.enable = true;
catppuccin.flavor = "mocha";
@@ -108,6 +109,7 @@
settings = {
ssh_identity = "/etc/btrbk/id_ed25519";
ssh_user = "btrbk";
+ backend = "btrfs-progs-sudo";
backend_remote = "btrfs-progs-sudo";
stream_compress = "zstd";
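Review bot: Nothing near the added `backend = "btrfs-progs-sudo";` says that the `sudo` it refers to is no longer sudo. The same file keeps `security.sudo.enable = false` and this commit drops sudo-rs, so the local backend presumably works only because the run0 shim supplies a `sudo` command and polkit.js authorises the `btrbk` user. A one-line comment would make that dependency visible, for example `# "sudo" resolves to run0-sudo-shim; authorised by the btrbk rule in ./polkit.js`. The settings block starts and ends outside the hunk.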
@@ -168,6 +170,7 @@
catppuccin-cursors.mochaMauve
git
helix
+ inputs.run0-sudo-shim.packages.x86_64-linux.default
sarasa-gothic
wget
];
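Review bot: The added package reference hard-codes the platform in `inputs.run0-sudo-shim.packages.x86_64-linux.default`, so the configuration fails to evaluate on any other system. Deriving it from the host is the usual form: `inputs.run0-sudo-shim.packages.${pkgs.stdenv.hostPlatform.system}.default`. flake.nix in this commit also imports `run0-sudo-shim.nixosModules.default`; if that module already installs the shim, this entry is redundant, which is worth checking. The package list starts outside the hunk.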
diff --git a/flake.lock b/flake.lock
@@ -13,11 +13,11 @@
"rev": "948a8ee84858d053b83f01c8c168f9f4347937e6",
"revCount": 622,
"type": "git",
- "url": "ssh://git@github.com/catppuccin/nix.git"
+ "url": "https://github.com/catppuccin/nix.git"
},
"original": {
"type": "git",
- "url": "ssh://git@github.com/catppuccin/nix.git"
+ "url": "https://github.com/catppuccin/nix.git"
}
},
"determinate": {
@@ -147,17 +147,17 @@
]
},
"locked": {
- "lastModified": 1774875815,
- "narHash": "sha256-PzqwM4njoB3aznqwPZUawD4uOcJeu7N6GBTJKg81EQ4=",
+ "lastModified": 1774898676,
+ "narHash": "sha256-0Utnqo+FbB+0CVUi0MI3oonF0Kuzy9VcgRkxl53Euvk=",
"ref": "refs/heads/master",
- "rev": "9340f51314713c83360bf72d75c8b404778ab5b1",
- "revCount": 6434,
+ "rev": "a184bd2f8426087bae93f203403cd4b86c99e57d",
+ "revCount": 6435,
"type": "git",
- "url": "ssh://git@github.com/nix-community/home-manager.git"
+ "url": "https://github.com/nix-community/home-manager.git"
},
"original": {
"type": "git",
- "url": "ssh://git@github.com/nix-community/home-manager.git"
+ "url": "https://github.com/nix-community/home-manager.git"
}
},
"nix": {
@@ -181,6 +181,27 @@
"url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A"
}
},
+ "nix-github-actions": {
+ "inputs": {
+ "nixpkgs": [
+ "run0-sudo-shim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1737420293,
+ "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
+ "owner": "nix-community",
+ "repo": "nix-github-actions",
+ "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nix-github-actions",
+ "type": "github"
+ }
+ },
"nixpkgs": {
"locked": {
"lastModified": 1761597516,
@@ -249,13 +270,13 @@
"rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685",
"shallow": true,
"type": "git",
- "url": "ssh://git@github.com/NixOS/nixpkgs.git"
+ "url": "https://github.com/NixOS/nixpkgs.git"
},
"original": {
"ref": "nixos-unstable",
"shallow": true,
"type": "git",
- "url": "ssh://git@github.com/NixOS/nixpkgs.git"
+ "url": "https://github.com/NixOS/nixpkgs.git"
}
},
"root": {
@@ -264,9 +285,32 @@
"determinate": "determinate",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_3",
+ "run0-sudo-shim": "run0-sudo-shim",
"sops-nix": "sops-nix"
}
},
+ "run0-sudo-shim": {
+ "inputs": {
+ "nix-github-actions": "nix-github-actions",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "treefmt-nix": "treefmt-nix"
+ },
+ "locked": {
+ "lastModified": 1774702115,
+ "narHash": "sha256-iZ0HSQwjr9nYpVn10ZI4zQTdqvSggfxhXZ1c4oSZnuc=",
+ "ref": "refs/heads/main",
+ "rev": "c9e06e2f220ab2fcf2228d4315c0a7fc2dc6e438",
+ "revCount": 62,
+ "type": "git",
+ "url": "https://github.com/lordgrimmauld/run0-sudo-shim.git"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://github.com/lordgrimmauld/run0-sudo-shim.git"
+ }
+ },
"sops-nix": {
"inputs": {
"nixpkgs": [
@@ -274,17 +318,38 @@
]
},
"locked": {
- "lastModified": 1774760784,
- "narHash": "sha256-D+tgywBHldTc0klWCIC49+6Zlp57Y4GGwxP1CqfxZrY=",
+ "lastModified": 1774910634,
+ "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=",
"ref": "refs/heads/master",
- "rev": "8adb84861fe70e131d44e1e33c426a51e2e0bfa5",
- "revCount": 1186,
+ "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301",
+ "revCount": 1189,
"type": "git",
- "url": "ssh://git@github.com/Mic92/sops-nix.git"
+ "url": "https://github.com/Mic92/sops-nix.git"
},
"original": {
"type": "git",
- "url": "ssh://git@github.com/Mic92/sops-nix.git"
+ "url": "https://github.com/Mic92/sops-nix.git"
+ }
+ },
+ "treefmt-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "run0-sudo-shim",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1773297127,
+ "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "type": "github"
}
}
},
diff --git a/flake.nix b/flake.nix
@@ -2,18 +2,22 @@
description = "A simple NixOS flake";
inputs = {
- nixpkgs.url = "git+ssh://git@github.com/NixOS/nixpkgs.git?ref=nixos-unstable&shallow=1";
+ nixpkgs.url = "git+https://github.com/NixOS/nixpkgs.git?ref=nixos-unstable&shallow=1";
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
catppuccin = {
- url = "git+ssh://git@github.com/catppuccin/nix.git";
+ url = "git+https://github.com/catppuccin/nix.git";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
- url = "git+ssh://git@github.com/nix-community/home-manager.git";
+ url = "git+https://github.com/nix-community/home-manager.git";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ run0-sudo-shim = {
+ url = "git+https://github.com/lordgrimmauld/run0-sudo-shim.git";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
- url = "git+ssh://git@github.com/Mic92/sops-nix.git";
+ url = "git+https://github.com/Mic92/sops-nix.git";
inputs.nixpkgs.follows = "nixpkgs";
};
};
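Review bot: The new `run0-sudo-shim` input sits on the privilege-escalation path but follows the default branch of a personal repository, with no ref or rev in `url = "git+https://github.com/lordgrimmauld/run0-sudo-shim.git";`. flake.lock pins it to `c9e06e2f220ab2fcf2228d4315c0a7fc2dc6e438` for now, but a routine `nix flake update` will move it to whatever `main` contains, along with the other inputs. Consider pinning it in the URL (`?rev=c9e06e2f220ab2fcf2228d4315c0a7fc2dc6e438`) so that bumping the shim is a deliberate, reviewed change. At minimum, add a comment such as `# provides the sudo command; review upstream diff before updating`.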
@@ -24,6 +28,7 @@
determinate,
catppuccin,
home-manager,
+ run0-sudo-shim,
sops-nix,
...
} @ inputs: {
@@ -36,6 +41,7 @@
catppuccin.nixosModules.catppuccin
determinate.nixosModules.default
home-manager.nixosModules.home-manager
+ run0-sudo-shim.nixosModules.default
sops-nix.nixosModules.sops
{
home-manager.useGlobalPkgs = true;
diff --git a/polkit.js b/polkit.js
@@ -0,0 +1,8 @@
+polkit.addRule(function (action, subject) {
+ if (
+ action.id == "org.freedesktop.systemd1.manage-units" &&
+ subject.user == "btrbk"
+ ) {
+ return "yes";
+ }
+});
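Review bot: The rule returns `"yes"` for every `org.freedesktop.systemd1.manage-units` request from `btrbk`, with no condition on the unit or operation, so that account can start, stop or replace any unit without authentication. Since run0 is presumably authorised through this same action, the grant is in effect passwordless root for `btrbk`, whereas a sudo rule could have been limited to a list of btrfs commands. configuration.nix uses `btrbk` as the SSH user for backups, so if that account can be reached over SSH on this host, its keys are now the only barrier. If the grant has to stay this broad, say so above the rule, e.g. `// btrbk: unauthenticated manage-units, needed for run0 via the sudo shim; equivalent to root, keep this account's SSH keys command-restricted`. Also consider testing `action.lookup("unit")` and `action.lookup("verb")` if the backup's requests turn out to be distinguishable.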