From 9db84f6fcdb2616471abb6a427a2b21fe8a8255f Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Sat, 24 Nov 2018 18:37:46 +0100
Subject: nixos/security/misc: use mkMerge for easier extension
---
 nixos/modules/security/misc.nix | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
(limited to 'nixos/modules/security/misc.nix')
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix
index 42f872b7b08..f3fc6db22ea 100644
--- a/nixos/modules/security/misc.nix
+++ b/nixos/modules/security/misc.nix
@@ -24,16 +24,18 @@ with lib;
 };
 };

- config = mkIf (!config.security.allowUserNamespaces) {
- # Setting the number of allowed user namespaces to 0 effectively disables
- # the feature at runtime. Note that root may raise the limit again
- # at any time.
- boot.kernel.sysctl."user.max_user_namespaces" = 0;
+ config = mkMerge [
+ (mkIf (!config.security.allowUserNamespaces) {
+ # Setting the number of allowed user namespaces to 0 effectively disables
+ # the feature at runtime. Note that root may raise the limit again
+ # at any time.
+ boot.kernel.sysctl."user.max_user_namespaces" = 0;

- assertions = [
- { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
- message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
- }
- ];
- };
+ assertions = [
+ { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
+ message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
+ }
+ ];
+ })
+ ];
 }
--
cgit 1.4.1
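Review bot: The `assertions` entry stays nested inside the `mkIf (!config.security.allowUserNamespaces)` element, even though its condition `config.nix.useSandbox -> config.security.allowUserNamespaces` already encodes that guard as an implication. Now that `config` is a `mkMerge` list, the assertion could be its own unconditional list element, leaving the guarded element with only the `user.max_user_namespaces` setting. That keeps the consistency check visible as further hardening toggles are appended. A one-line comment at the top of the list, such as `# One mkIf-guarded element per hardening option.`, would also document the intended extension pattern.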