From 0b304408b383f86bdef03c47f48a541ef7973809 Mon Sep 17 00:00:00 2001
From: Kabbone <tobias@opel-online.de>
Date: Thu, 27 Jul 2023 21:37:38 +0200
Subject: [PATCH] flake: restrict nix access

---
 flake.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/flake.nix b/flake.nix
index a72dbb5..f16ee23 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,6 +46,7 @@
           inherit (nixpkgs) lib;
           inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location agenix jovian-nixos;   # Also inherit home-manager so it does not need to be defined here.
           nix.allowedUsers = [ "@wheel" ];
+          security.sudo.execWheelOnly = true;
         }
       );
     };