summary refs log tree commit diff
path: root/nixos/modules/security/sudo.nix
diff options
context:
space:
mode:
authorMathijs Kwik <mathijs@bluescreen303.nl>2014-10-30 13:59:21 +0100
committerMathijs Kwik <mathijs@bluescreen303.nl>2014-11-02 13:27:05 +0100
commitf356cee747d04b2c29247c89b7d8cdacaa4a438a (patch)
treee581d0eac3d6adee066c09147f2fa953065dbe61 /nixos/modules/security/sudo.nix
parent53614cf1a7037a7cf355366880c44433674f19af (diff)
downloadnixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar
nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.gz
nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.bz2
nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.lz
nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.xz
nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.zst
nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.zip
sudo: allow adding extra configuration options to the bottom of sudoers
from sudoers (5):
When multiple entries match for a user, they are applied in order.
Where there are multiple matches, the last match is used (which is not necessarily the most specific match).
Diffstat (limited to 'nixos/modules/security/sudo.nix')
-rw-r--r--nixos/modules/security/sudo.nix12
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index cbd1628caaec..4c6a1c26426e 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -46,6 +46,14 @@ in
           <filename>sudoers</filename> file.
         '';
     };
+
+    security.sudo.extraConfig = mkOption {
+      type = types.lines;
+      default = "";
+      description = ''
+        Extra configuration text appended to <filename>sudoers</filename>.
+      '';
+    };
   };
 
 
@@ -55,7 +63,8 @@ in
 
     security.sudo.configFile =
       ''
-        # Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead.
+        # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
+        # and security.sudo.extraConfig instead.
 
         # Environment variables to keep for root and %wheel.
         Defaults:root,%wheel env_keep+=TERMINFO_DIRS
@@ -69,6 +78,7 @@ in
 
         # Users in the "wheel" group can do anything.
         %wheel      ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
+        ${cfg.extraConfig}
       '';
 
     security.setuidPrograms = [ "sudo" "sudoedit" ];