diff options
| author | Maciej Krüger <mkg20001@gmail.com> | 2023-09-21 14:58:59 +0200 |
|---|---|---|
| committer | Maciej Krüger <mkg20001@gmail.com> | 2023-09-22 15:14:13 +0200 |
| commit | 7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d (patch) | |
| tree | f103ce4b6f392d02f932f1920ea3c8fd381d4b11 /nixos/modules/security | |
| parent | 57d41f97514d95fa6e4dcb73885e6af3a50209be (diff) | |
| download | nixpkgs-7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d.tar nixpkgs-7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d.tar.gz nixpkgs-7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d.tar.bz2 nixpkgs-7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d.tar.lz nixpkgs-7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d.tar.xz nixpkgs-7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d.tar.zst nixpkgs-7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d.zip | |
nixos/sudo-rs: init
adds a new sudo-rs module that contains sudo-rs changes removed from sudo module
Diffstat (limited to 'nixos/modules/security')
| -rw-r--r-- | nixos/modules/security/sudo-rs.nix | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/nixos/modules/security/sudo-rs.nix b/nixos/modules/security/sudo-rs.nix index 4bdbe9671e6..83bef3bbf91 100644 --- a/nixos/modules/security/sudo-rs.nix +++ b/nixos/modules/security/sudo-rs.nix @@ -6,7 +6,7 @@ let inherit (pkgs) sudo sudo-rs; - cfg = config.security.sudo; + cfg = config.security.sudo-rs; enableSSHAgentAuth = with config.security; @@ -37,7 +37,7 @@ in ###### interface - options.security.sudo = { + options.security.sudo-rs = { defaultOptions = mkOption { type = with types; listOf str; @@ -53,7 +53,7 @@ in enable = mkOption { type = types.bool; - default = true; + default = false; description = mdDoc '' Whether to enable the {command}`sudo` command, which allows non-root users to execute commands as root. @@ -62,8 +62,8 @@ in package = mkOption { type = types.package; - default = pkgs.sudo; - defaultText = literalExpression "pkgs.sudo"; + default = pkgs.sudo-rs; + defaultText = literalExpression "pkgs.sudo-rs"; description = mdDoc '' Which package to use for `sudo`. ''; @@ -208,7 +208,7 @@ in ###### implementation config = mkIf cfg.enable { - security.sudo.extraRules = + security.sudo-rs.extraRules = let defaultRule = { users ? [], groups ? [], opts ? [] }: [ { inherit users groups; @@ -230,10 +230,10 @@ in })) ]; - security.sudo.configFile = concatStringsSep "\n" (filter (s: s != "") [ + security.sudo-rs.configFile = concatStringsSep "\n" (filter (s: s != "") [ '' - # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’ - # or ‘security.sudo.extraRules’ instead. + # Don't edit this file. Set the NixOS options ‘security.sudo-rs.configFile’ + # or ‘security.sudo-rs.extraRules’ instead. '' (optionalString enableSSHAgentAuth '' # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. |