Jafner.net/nix/nixos/security.nix

{ ... }: {

# Enable passwordless sudo
  security.sudo = {
    enable = true;
    extraRules = [{
      commands = [
        {
          command = "ALL";
          options = [ "NOPASSWD" ];
        }
      ];
      groups = [ "wheel" ];
    }];
  };

  # Enable SSH server with exclusively key-based auth
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
  };
}
Update from joey@joey-laptop: Switch to home-manager module. Switch from no-default stable vs. unstable pkgs to stable-by-default with optional unstable. 2024-09-15 21:46:24 -07:00			`{ ... }: {`

			`# Enable passwordless sudo`
			`security.sudo = {`
			`enable = true;`
			`extraRules = [{`
			`commands = [`
			`{`
			`command = "ALL";`
			`options = [ "NOPASSWD" ];`
			`}`
			`];`
			`groups = [ "wheel" ];`
			`}];`
			`};`

			`# Enable SSH server with exclusively key-based auth`
			`services.openssh = {`
			`enable = true;`
			`settings.PasswordAuthentication = false;`
			`settings.KbdInteractiveAuthentication = false;`
			`};`
			`}`