From 63d110acfeefef9afb9b15fae8501c82378fb60e Mon Sep 17 00:00:00 2001
From: Erwin Boskma <erwin@datarift.nl>
Date: Thu, 7 Mar 2024 16:35:29 +0100
Subject: [PATCH] heimdall: Switch to sudo-rs

---
 machines/heimdall/configuration.nix | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/machines/heimdall/configuration.nix b/machines/heimdall/configuration.nix
index 52c64b3..5aa02ac 100644
--- a/machines/heimdall/configuration.nix
+++ b/machines/heimdall/configuration.nix
@@ -141,11 +141,18 @@
     };
   };
 
-  security.apparmor = {
-    enable = true;
-    killUnconfinedConfinables = true;
+  security = {
+    sudo-rs = {
+      enable = true;
+    };
+    sudo.enable = false;
+
+    apparmor = {
+      enable = true;
+      killUnconfinedConfinables = true;
+    };
+    protectKernelImage = true;
   };
-  security.protectKernelImage = true;
 
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets = {