move podmand security options to podman aspect

2026-02-07 09:33:55 -03:00 · 2026-02-07 09:33:55 -03:00 · c6fbd21009
commit c6fbd21009
parent d83172f487
2 changed files with 23 additions and 15 deletions
--- a/aspects/common/security.nix
+++ b/aspects/common/security.nix
@ -1,14 +1,13 @@
 { ... }:
 {
-  flake.modules.nixos.common-security = { ... }: {
-    security = {
-      unprivilegedUsernsClone = true; # Needed for rootless podman
-      sudo = {
+  flake.modules.nixos.common-security =
+    { ... }:
+    {
+      security.sudo = {
        wheelNeedsPassword = false;
        extraConfig = ''
          Defaults lecture = never
        '';
      };
    };
-  };
 }
--- a/aspects/podman.nix
+++ b/aspects/podman.nix
@ -1,15 +1,24 @@
 { ... }:
 {
-  flake.modules.nixos.podman = { config, lib, pkgs, ... }: {
-    virtualisation.podman = {
-      enable = true;
-      autoPrune.enable = true;
-      extraPackages = [ pkgs.podman-compose ];
-    };
+  flake.modules.nixos.podman =
+    {
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
+    {
+      virtualisation.podman = {
+        enable = true;
+        autoPrune.enable = true;
+        extraPackages = [ pkgs.podman-compose ];
+      };

-    systemd = {
-      services.podman-auto-update.enable = true;
-      timers.podman-auto-update.enable = true;
+      security.unprivilegedUsernsClone = true; # Needed for rootless podman
+
+      systemd = {
+        services.podman-auto-update.enable = true;
+        timers.podman-auto-update.enable = true;
+      };
    };
-  };
 }