From 1852b67bc60e34ae6e7d3cba51892668a83e1a1d Mon Sep 17 00:00:00 2001
From: nicoo
Date: Thu, 7 Sep 2023 12:50:48 +0000
Subject: nixos/sudo: Make the default rules' options configurable
---
 nixos/modules/security/sudo.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index aab5213d6dc..03f38b543d6 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -32,6 +32,15 @@ in
 options.security.sudo = {
+ defaultOptions = mkOption {
+ type = with types; listOf str;
+ default = [ "SETENV" ];
+ description = mdDoc ''
+ Options used for the default rules, granting `root` and the
+ `wheel` group permission to run any command as any user.
+ '';
+ };
+
 enable = mkEnableOption (mdDoc ''
 the {command}`sudo` command, which allows non-root users to execute commands as root.
 '');
@@ -188,8 +197,8 @@ in
 inherit users groups;
 commands = [ {
 command = "ALL";
- options = opts ++ [ "SETENV" ];
- } ];
+ options = opts ++ cfg.defaultOptions;
+ } ];
 } ];
 in mkMerge [
 # This is ordered before users' `mkBefore` rules,
--
cgit 1.4.1
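Review bot: `defaultOptions` is typed `listOf str` in the first hunk, so any string is accepted and passed into the default `root`/`wheel` rules, and a typo or an unintended tag is only noticed once the sudoers file is generated. Since these rules cover `ALL` commands, I would restrict the values to the sudoers tags, e.g. `type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" ]);`, or reuse the type of the per-rule `options` if the module already defines one (not visible here). The description should also state that the default `SETENV` lets callers override the environment reset, that a user definition replaces the default list rather than extending it, and that adding `NOPASSWD` removes the password prompt for every `wheel` member; an `example` would help.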
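Review bot: `opts ++ cfg.defaultOptions` in the second hunk concatenates the two lists without checking for tags that contradict each other. `opts` is defined outside the hunk, but if it can carry `NOPASSWD`, a configuration that sets `defaultOptions = [ "PASSWD" ]` puts both tags on the same rule and the effective policy then depends on tag order. A comment such as `# cfg.defaultOptions comes last so it takes precedence over opts` (if that is the intended behaviour), or an assertion that rejects contradictory pairs, would make the resulting rule predictable for whoever audits the generated sudoers file.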