From a9a8902858fa04932185a5aa5848f0b82496d41e Mon Sep 17 00:00:00 2001
From: Christoph Cullmann <christoph@cullmann.io>
Date: Fri, 9 May 2025 22:50:23 +0200
Subject: [PATCH] use ssh for sandbox

---
 share/common.nix | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/share/common.nix b/share/common.nix
index 543b060..2163b29 100644
--- a/share/common.nix
+++ b/share/common.nix
@@ -547,13 +547,6 @@ in
   # use doas instead of sudo
   security.sudo.enable = false;
   security.doas.enable = true;
-  security.doas.extraRules = [
-    # wheel users are allowed to become all users
-    { groups = [ "wheel" ]; noPass = false; keepEnv = true; persist = true; }
-
-    # wheel users can use sandbox stuff without password
-    { groups = [ "wheel" ]; runAs = "sandbox-kde"; noPass = true; }
-  ];
 
   # try local AI stuff
   services.ollama = {