{ lib, pkgs, ... }:
{
  security = {
    rtkit.enable = lib.mkDefault true;

    # configure sudo
    sudo.enable = lib.mkDefault false;
    sudo-rs = {
      enable = lib.mkDefault true;
      extraRules = [
        {
          commands = [
            {
              command = "${pkgs.systemd}/bin/systemctl suspend";
              options = [ "NOPASSWD" ];
            }
            {
              command = "${pkgs.systemd}/bin/reboot";
              options = [ "NOPASSWD" ];
            }
            {
              command = "${pkgs.systemd}/bin/poweroff";
              options = [ "NOPASSWD" ];
            }
          ];
          groups = [ "wheel" ];
        }
      ];
    };
  };
}