From b481d6cb9f9f178e37460780b1c377ef60d19f8c Mon Sep 17 00:00:00 2001
From: NullBite <me@nullbite.com>
Date: Thu, 19 Dec 2024 01:22:04 -0500
Subject: [PATCH] system: add @wheel to trusted users

---
 system/common/nix.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/system/common/nix.nix b/system/common/nix.nix
index 7e45398..df1902f 100644
--- a/system/common/nix.nix
+++ b/system/common/nix.nix
@@ -70,6 +70,14 @@ in
       # fallback to building locally if binary cache fails (home-manager should be
       # able to handle simple rebuilds offline)
       nix.settings.fallback = lib.mkDefault true;
+
+      # trust all members of wheel. this technically can give you root power,
+      # but if you've compromised a member of wheel, you might as well already
+      # be root; you could easily intercept a sudo call.
+      nix.settings.trusted-users = [
+        "@wheel"
+        "root"
+      ];
     })
   ];
 }