gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/sudo: Split up configFile into individual sections

Browse Source
This commit is contained in:
nicoo
2023-08-31 10:33:11 +00:00
parent 74b1db5164
commit 409d29ca73
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
nixos/modules/security/sudo.nix
View File

@@ -205,17 +205,20 @@ in
} }
]; ];
security.sudo.configFile = security.sudo.configFile = concatStringsSep "\n" [
'' ''
# Don't edit this file. Set the NixOS options security.sudo.configFile # Don't edit this file. Set the NixOS options security.sudo.configFile
# or security.sudo.extraRules instead. # or security.sudo.extraRules instead.
''
''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK Defaults env_keep+=SSH_AUTH_SOCK
''
''
# "root" is allowed to do anything. # "root" is allowed to do anything.
root ALL=(ALL:ALL) SETENV: ALL root ALL=(ALL:ALL) SETENV: ALL
''
''
# extraRules # extraRules
${concatStringsSep "\n" ( ${concatStringsSep "\n" (
lists.flatten ( lists.flatten (
@@ -227,9 +230,12 @@ in
) cfg.extraRules ) cfg.extraRules
) )
)} )}
''
''
# extraConfig
${cfg.extraConfig} ${cfg.extraConfig}
''; ''
];
security.wrappers = let security.wrappers = let
owner = "root"; owner = "root";