security/sudo: disable lecture and no longer persist /var/db

flake/nixos.nix

@@ -17,6 +17,7 @@ let
         # keep-sorted start
         programs.tools.common
         security.polkit
+        security.sudo
         services.dbus
         services.journald
         services.openssh

nixos/profiles/security/sudo/default.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+  security.sudo = {
+    execWheelOnly = true;
+    wheelNeedsPassword = true;
+    extraConfig = ''
+      Defaults lecture="never"
+    '';
+  };
+}

nixos/profiles/system/global-persistence.nix

@@ -2,7 +2,7 @@
 {
   environment.globalPersistence = {
     directories = [
-      "/var/db"
+      "/var/cache"
       "/var/lib"
       "/var/log"
       "/var/tmp"