diff options
author | Mathijs Kwik <mathijs@bluescreen303.nl> | 2014-10-30 13:59:21 +0100 |
---|---|---|
committer | Mathijs Kwik <mathijs@bluescreen303.nl> | 2014-11-02 13:27:05 +0100 |
commit | f356cee747d04b2c29247c89b7d8cdacaa4a438a (patch) | |
tree | e581d0eac3d6adee066c09147f2fa953065dbe61 /nixos/modules/security/sudo.nix | |
parent | 53614cf1a7037a7cf355366880c44433674f19af (diff) | |
download | nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.gz nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.bz2 nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.lz nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.xz nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.tar.zst nixlib-f356cee747d04b2c29247c89b7d8cdacaa4a438a.zip |
sudo: allow adding extra configuration options to the bottom of sudoers
from sudoers (5): When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).
Diffstat (limited to 'nixos/modules/security/sudo.nix')
-rw-r--r-- | nixos/modules/security/sudo.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index cbd1628caaec..4c6a1c26426e 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -46,6 +46,14 @@ in <filename>sudoers</filename> file. ''; }; + + security.sudo.extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Extra configuration text appended to <filename>sudoers</filename>. + ''; + }; }; @@ -55,7 +63,8 @@ in security.sudo.configFile = '' - # Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead. + # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’ + # and security.sudo.extraConfig instead. # Environment variables to keep for root and %wheel. Defaults:root,%wheel env_keep+=TERMINFO_DIRS @@ -69,6 +78,7 @@ in # Users in the "wheel" group can do anything. %wheel ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL + ${cfg.extraConfig} ''; security.setuidPrograms = [ "sudo" "sudoedit" ]; |