From a62a9b6990de1d19c8793324d75a3dd3c20efa2a Mon Sep 17 00:00:00 2001
From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com>
Date: Wed, 22 Oct 2025 17:24:39 +1100
Subject: [PATCH] feat: confine sudo access to users with the wheel group only

---
 modules/nixos/features/sudo.nix | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 modules/nixos/features/sudo.nix

diff --git a/modules/nixos/features/sudo.nix b/modules/nixos/features/sudo.nix
new file mode 100644
index 0000000..78f1db5
--- /dev/null
+++ b/modules/nixos/features/sudo.nix
@@ -0,0 +1,6 @@
+{
+  ...
+}:
+{
+  security.sudo.execWheelOnly = true;
+}