I like the simplicity of doas compared to sudo. Also, not using
the most popular program used for privilege escalation increases
security. You may call it security by obscurity, but it doesn’t make
it wrong.
{
security.doas = {
enable = true;
extraRules = [
{
groups = [ "wheel" ];
persist = true;
keepEnv = true;
setEnv = [ "PATH" ];
}
];
};
security.sudo.enable = false;
users.allowNoPasswordLogin = true;
}{ pkgs, ...}:
{
environment.systemPackages = [
pkgs.doas-sudo-shim
];
}