hosts: move doas to its own module

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>

hosts/default.nix

@@ -8,6 +8,7 @@ let
     ./programs/zsh
     ./programs/gnupg
     ./programs/git
+    ./programs/doas
     {
       _module.args = globalArgs;
     }

hosts/minimal.nix

@@ -1,29 +1,5 @@
 { config, pkgs, ... }:
 {
-  security = {
-    sudo.enable = false;
-    doas = {
-      enable = true;
-      extraRules = [
-        {
-          groups = [ "wheel" ];
-          keepEnv = true;
-          persist = true;
-        }
-      ];
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    git
-    htop
-    vim
-    tmux
-    wireguard-tools
-    nmap
-    gcc
-  ];
-
   nix = {
     extraOptions = ''
       experimental-features = nix-command flakes

hosts/okina/stuff.nix

@@ -8,17 +8,6 @@
     rtkit.enable = true;
     polkit.enable = true;
     sudo.enable = true;
-    doas = {
-      enable = true;
-      extraRules = [
-        {
-          users = [ "natto" ];
-          keepEnv = true;
-          persist = true;
-          setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ];
-        }
-      ];
-    };
   };
   console.useXkbConfig = true;
 

hosts/programs/doas/default.nix

@@ -0,0 +1,16 @@
+{ ... }:
+{
+  security = {
+    doas = {
+      enable = true;
+      extraRules = [
+        {
+          groups = [ "wheel" ];
+          keepEnv = true;
+          persist = true;
+          setEnv = [ "PATH" ];
+        }
+      ];
+    };
+  };
+}

hosts/satori/stuff.nix

@@ -8,17 +8,6 @@
     rtkit.enable = true;
     polkit.enable = true;
     sudo.enable = true;
-    doas = {
-      enable = true;
-      extraRules = [
-        {
-          users = [ "natto" ];
-          keepEnv = true;
-          persist = true;
-          setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ];
-        }
-      ];
-    };
   };
   console.useXkbConfig = true;