authorJoachim Fasting <joachifm@fastmail.fm>2018-11-24 18:37:46 +0100
committerJoachim Fasting <joachifm@fastmail.fm>2018-12-27 15:00:46 +0100
commit9db84f6fcdb2616471abb6a427a2b21fe8a8255f (patch)
treedfd14c072af26d4572510f4c55f4c8886abcff41 /nixos/modules/security/misc.nix
parent2534dddaa96af8faa442ba7ac360966c7990e773 (diff)
nixos/security/misc: use mkMerge for easier extension
Diffstat (limited to 'nixos/modules/security/misc.nix')
-rw-r--r--nixos/modules/security/misc.nix24
1 files changed, 13 insertions, 11 deletions
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix
index 42f872b7b08..f3fc6db22ea 100644
--- a/nixos/modules/security/misc.nix
+++ b/nixos/modules/security/misc.nix
@@ -24,16 +24,18 @@ with lib;
     };
   };
 
-  config = mkIf (!config.security.allowUserNamespaces) {
-    # Setting the number of allowed user namespaces to 0 effectively disables
-    # the feature at runtime.  Note that root may raise the limit again
-    # at any time.
-    boot.kernel.sysctl."user.max_user_namespaces" = 0;
+  config = mkMerge [
+    (mkIf (!config.security.allowUserNamespaces) {
+      # Setting the number of allowed user namespaces to 0 effectively disables
+      # the feature at runtime.  Note that root may raise the limit again
+      # at any time.
+      boot.kernel.sysctl."user.max_user_namespaces" = 0;
 
-    assertions = [
-      { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
-        message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
-      }
-    ];
-  };
+      assertions = [
+        { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
+          message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
+        }
+      ];
+    })
+  ];
 }
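Review bot: The assertion carried into the new `mkIf` block is only evaluated when `config.security.allowUserNamespaces` is false, so `config.nix.useSandbox -> config.security.allowUserNamespaces` always reduces to `!config.nix.useSandbox` there, and the implication form hides that. If `nix.useSandbox` can also hold a non-boolean value such as `"relaxed"` (its option type is not visible in this hunk), `->` would abort evaluation with a type error instead of showing the message. An explicit comparison such as `assertion = config.nix.useSandbox == false;` would avoid both problems. Since the point of `mkMerge` is to let further hardening entries be added, a short comment above the list stating that each entry must carry its own `mkIf` guard would help the next contributor. The module's option declarations start above the hunk.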