From b7b0535b745af4adf77237f80d9bc23e29dbae37 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Fri, 7 Jun 2024 20:03:08 +0200
Subject: [PATCH] Don't put people in the wheel group, to avoid sudo -i, use
 ssh root@localhost instead.

---
 nixos/components/mainUser.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/components/mainUser.nix b/nixos/components/mainUser.nix
index 4805d9e..855385d 100644
--- a/nixos/components/mainUser.nix
+++ b/nixos/components/mainUser.nix
@@ -71,7 +71,7 @@ in
         uid = cfg.uid;
         home = "/home/${cfg.userName}";
         initialPassword = cfg.userName;
-        extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" ]
+        extraGroups = [ "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" ]
           ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
         openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
         group = config.users.groups.mainUser.name;