nixos/sudo-rs: init

Adds a new sudo-rs module that contains the sudo-rs changes removed from the sudo module.
Maciej Krüger
2023-09-21 14:58:59 +02:00
parent 57d41f9751
commit 7c8b8bd3e4
2 changed files with 10 additions and 9 deletions


@@ -311,6 +311,7 @@
./security/rngd.nix ./security/rngd.nix
./security/rtkit.nix ./security/rtkit.nix
./security/sudo.nix ./security/sudo.nix
./security/sudo-rs.nix
./security/systemd-confinement.nix ./security/systemd-confinement.nix
./security/tpm2.nix ./security/tpm2.nix
./security/wrappers/default.nix ./security/wrappers/default.nix


@@ -6,7 +6,7 @@ let
inherit (pkgs) sudo sudo-rs; inherit (pkgs) sudo sudo-rs;
cfg = config.security.sudo; cfg = config.security.sudo-rs;
enableSSHAgentAuth = enableSSHAgentAuth =
with config.security; with config.security;
@@ -37,7 +37,7 @@ in
###### interface ###### interface
options.security.sudo = { options.security.sudo-rs = {
defaultOptions = mkOption { defaultOptions = mkOption {
type = with types; listOf str; type = with types; listOf str;
@@ -53,7 +53,7 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = mdDoc '' description = mdDoc ''
Whether to enable the {command}`sudo` command, which Whether to enable the {command}`sudo` command, which
allows non-root users to execute commands as root. allows non-root users to execute commands as root.
@@ -62,8 +62,8 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.sudo; default = pkgs.sudo-rs;
defaultText = literalExpression "pkgs.sudo"; defaultText = literalExpression "pkgs.sudo-rs";
description = mdDoc '' description = mdDoc ''
Which package to use for `sudo`. Which package to use for `sudo`.
''; '';
@@ -208,7 +208,7 @@ in
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.sudo.extraRules = security.sudo-rs.extraRules =
let let
defaultRule = { users ? [], groups ? [], opts ? [] }: [ { defaultRule = { users ? [], groups ? [], opts ? [] }: [ {
inherit users groups; inherit users groups;
@@ -230,10 +230,10 @@ in
})) }))
]; ];
security.sudo.configFile = concatStringsSep "\n" (filter (s: s != "") [ security.sudo-rs.configFile = concatStringsSep "\n" (filter (s: s != "") [
'' ''
# Don't edit this file. Set the NixOS options security.sudo.configFile # Don't edit this file. Set the NixOS options security.sudo-rs.configFile
# or security.sudo.extraRules instead. # or security.sudo-rs.extraRules instead.
'' ''
(optionalString enableSSHAgentAuth '' (optionalString enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
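Review bot: Nothing visible after `config = mkIf cfg.enable {` stops `security.sudo-rs.enable` from being set while `security.sudo.enable` is still on, and the old side of the `enable` hunk shows that option defaulting to `true` in the module this file was copied from. In that case two modules would both try to provide the privileged `sudo` command and, presumably, the same sudoers file; the rest of the config body lies outside these hunks, so this needs confirming there. An assertion at the top of the block would turn the conflict into an evaluation error instead of an ambiguous setuid setup: `assertions = [ { assertion = !config.security.sudo.enable; message = "security.sudo and security.sudo-rs cannot both be enabled"; } ];`. The `enable` and `package` descriptions also still say `sudo` and should name sudo-rs so the two options can be told apart in the manual.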