authornicoo <nicoo@mur.at>2023-09-04 21:06:12 +0000
committernicoo <nicoo@mur.at>2023-09-18 17:35:06 +0000
commit8742134c80539b3f8e9c7c51b13a225a92e97b9a (patch)
tree78bcbdf3ab0ebf1af4e9b90a074fb9584ee84ced /nixos/modules/security
parent454151375d626a148fdb4423d577994319d6bd97 (diff)
nixos/sudo: Only keep SSH_AUTH_SOCK if used for authentication
This will make compatibility with `sudo-rs` easier.
Diffstat (limited to 'nixos/modules/security')
-rw-r--r--nixos/modules/security/sudo.nix8
1 files changed, 6 insertions, 2 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index ad7d43d2682..eeb2f0dda8b 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -6,6 +6,10 @@ let
 
   cfg = config.security.sudo;
 
+  enableSSHAgentAuth =
+    with config.security;
+    pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth;
+
   inherit (pkgs) sudo;
 
   toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
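Review bot: The attribute path `pam.sudo.sshAgentAuth` in the new `enableSSHAgentAuth` binding looks doubtful, because NixOS declares per-service PAM options under `security.pam.services.<name>` and no `security.pam.sudo` option is visible in this hunk. If that path does not exist, lazy evaluation hides the error until `pam.enableSSHAgentAuth` is true, so exactly the configurations this change targets would fail to evaluate. Please confirm the path, and if it is wrong use `pam.enableSSHAgentAuth && pam.services.sudo.sshAgentAuth`. Separately, `with config.security;` hides where `pam` comes from; spelling out `config.security.pam.…` on both operands would be easier to audit in a module that generates sudoers.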
@@ -210,10 +214,10 @@ in
         # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
         # or ‘security.sudo.extraRules’ instead.
       ''
-      ''
+      (optionalString enableSSHAgentAuth ''
         # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
         Defaults env_keep+=SSH_AUTH_SOCK
-      ''
+      '')
       ''
         # "root" is allowed to do anything.
         root        ALL=(ALL:ALL) SETENV: ALL
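Review bot: Wrapping the `env_keep+=SSH_AUTH_SOCK` block in `optionalString enableSSHAgentAuth` changes behaviour for every existing configuration that does not use agent authentication, and nothing in this diff (limited to `nixos/modules/security`) documents that. Users who relied on a forwarded agent surviving `sudo` will lose it, presumably without warning, so a release-notes entry and a pointer to `security.sudo.extraConfig` would help. When the condition is true the line is still a global `Defaults`, so the user-chosen socket path reaches every command run through sudo and not only the PAM module. The comment could say so, for example `# Kept only for pam_ssh_agent_auth.so; note this is user-controlled and is also passed to the command being run.`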