From 83b7f2650ada1f9cfab9bdb4391f9fccd14503d0 Mon Sep 17 00:00:00 2001
From: Emile Clark-Boman <eclarkboman@gmail.com>
Date: Sat, 26 Jul 2025 18:31:12 +1000
Subject: [PATCH] remove paswordless sudo from ae@hyrule

---
 hosts/hyrule/default.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix
index dc5cfb2..04dd0ad 100755
--- a/hosts/hyrule/default.nix
+++ b/hosts/hyrule/default.nix
@@ -72,8 +72,6 @@ in {
     };
   };
 
-  security.sudo.wheelNeedsPassword = false;
-
   users = {
     defaultUserShell = pkgs.bash;
 
@@ -418,9 +416,10 @@ in {
       defaults.email = "eclarkboman@gmail.com";
     };
 
+    sudo.wheelNeedsPassword = true;
     # allow SSH keys for passwordless auth
     # TODO: DO NOT USE THIS (create my own alternative to colmena)
-    pam.services.sudo.sshAgentAuth = true;
+    pam.services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
   };
 
   environment.systemPackages = with pkgs; [