From a1024668db529d2cb1fcfbba5ff6c00f57cd279f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Sun, 2 Nov 2025 11:55:17 +0800
Subject: [PATCH] sudo-conf: make doas inherit PATH for just

---
 nix/nixosModules/common/sudo-conf.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/nix/nixosModules/common/sudo-conf.nix b/nix/nixosModules/common/sudo-conf.nix
index b2b66182..ad4c6a6a 100644
--- a/nix/nixosModules/common/sudo-conf.nix
+++ b/nix/nixosModules/common/sudo-conf.nix
@@ -1,8 +1,18 @@
 {pkgs, ...}: {
-  security.doas.enable = true;
   security.sudo.enable = false;
 
   environment.systemPackages = [
     pkgs.doas-sudo-shim
   ];
+  security.doas = {
+    enable = true;
+    extraRules = [
+      {
+        # invoke just with doas directly as a nixos-rebuild helper
+        users = [":wheel"];
+        setEnv = ["PATH"];
+        cmd = "just";
+      }
+    ];
+  };
 }