From e1faa10e24d2dfa006db416b9367e1091d682707 Mon Sep 17 00:00:00 2001
From: Amneesh Singh <natto@weirdnatto.in>
Date: Sun, 29 Jun 2025 17:43:42 +0530
Subject: [PATCH] hosts: move doas to its own module

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
---
 hosts/default.nix               |  1 +
 hosts/minimal.nix               | 24 ------------------------
 hosts/okina/stuff.nix           | 11 -----------
 hosts/programs/doas/default.nix | 16 ++++++++++++++++
 hosts/satori/stuff.nix          | 11 -----------
 5 files changed, 17 insertions(+), 46 deletions(-)
 create mode 100644 hosts/programs/doas/default.nix

diff --git a/hosts/default.nix b/hosts/default.nix
index 885ff8c..75bc780 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -8,6 +8,7 @@ let
     ./programs/zsh
     ./programs/gnupg
     ./programs/git
+    ./programs/doas
     {
       _module.args = globalArgs;
     }
diff --git a/hosts/minimal.nix b/hosts/minimal.nix
index b82d440..e543c08 100644
--- a/hosts/minimal.nix
+++ b/hosts/minimal.nix
@@ -1,29 +1,5 @@
 { config, pkgs, ... }:
 {
-  security = {
-    sudo.enable = false;
-    doas = {
-      enable = true;
-      extraRules = [
-        {
-          groups = [ "wheel" ];
-          keepEnv = true;
-          persist = true;
-        }
-      ];
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    git
-    htop
-    vim
-    tmux
-    wireguard-tools
-    nmap
-    gcc
-  ];
-
   nix = {
     extraOptions = ''
       experimental-features = nix-command flakes
diff --git a/hosts/okina/stuff.nix b/hosts/okina/stuff.nix
index 7a0105e..00c79a9 100644
--- a/hosts/okina/stuff.nix
+++ b/hosts/okina/stuff.nix
@@ -8,17 +8,6 @@
     rtkit.enable = true;
     polkit.enable = true;
     sudo.enable = true;
-    doas = {
-      enable = true;
-      extraRules = [
-        {
-          users = [ "natto" ];
-          keepEnv = true;
-          persist = true;
-          setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ];
-        }
-      ];
-    };
   };
   console.useXkbConfig = true;
 
diff --git a/hosts/programs/doas/default.nix b/hosts/programs/doas/default.nix
new file mode 100644
index 0000000..82ab8c2
--- /dev/null
+++ b/hosts/programs/doas/default.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+  security = {
+    doas = {
+      enable = true;
+      extraRules = [
+        {
+          groups = [ "wheel" ];
+          keepEnv = true;
+          persist = true;
+          setEnv = [ "PATH" ];
+        }
+      ];
+    };
+  };
+}
diff --git a/hosts/satori/stuff.nix b/hosts/satori/stuff.nix
index 954e353..0badb1c 100644
--- a/hosts/satori/stuff.nix
+++ b/hosts/satori/stuff.nix
@@ -8,17 +8,6 @@
     rtkit.enable = true;
     polkit.enable = true;
     sudo.enable = true;
-    doas = {
-      enable = true;
-      extraRules = [
-        {
-          users = [ "natto" ];
-          keepEnv = true;
-          persist = true;
-          setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ];
-        }
-      ];
-    };
   };
   console.useXkbConfig = true;