Split off sudo module.

hosts/common/compute-node.nix

@@ -3,6 +3,7 @@
   imports = [
     ./impermanence.nix
     ./sshd.nix
+    ./sudo.nix
     ./user-ppetru.nix
   ];
 
@@ -14,14 +15,6 @@
       keyFile = "/dev/sda";
   };
 
-  security.sudo = {
-    extraConfig = ''
-      # rollback results in sudo lectures after each reboot
-      Defaults lecture = never
-    '';
-    wheelNeedsPassword = false;
-  };
-
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

hosts/common/global/sudo.nix

@@ -0,0 +1,5 @@
+{
+  security.sudo = {
+    wheelNeedsPassword = false;
+  };
+}

hosts/common/impermanence.nix

@@ -24,6 +24,11 @@
   fileSystems."/var/log".options = ["compress=zstd" "noatime" ];
   fileSystems."/var/log".neededForBoot = true;
 
+  # rollback results in sudo lectures after each reboot
+  security.sudo.extraConfig = ''
+    Defaults lecture = never
+  '';
+
   # reset / at each boot
   # Note `lib.mkBefore` is used instead of `lib.mkAfter` here.
   boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''