diff options
author | Cole Helbling <cole.e.helbling@outlook.com> | 2020-05-10 22:14:16 -0700 |
---|---|---|
committer | Cole Helbling <cole.e.helbling@outlook.com> | 2020-05-10 22:14:16 -0700 |
commit | 01b645e872107806e61cf54cc1415a843f3af795 (patch) | |
tree | 3878c9a95cf1a66a428fdfba1f4e9c567fae76f7 /nixos/modules/security | |
parent | f798f07619b373a04c5cde895dd9b590cdb8ee5a (diff) | |
download | nixlib-01b645e872107806e61cf54cc1415a843f3af795.tar nixlib-01b645e872107806e61cf54cc1415a843f3af795.tar.gz nixlib-01b645e872107806e61cf54cc1415a843f3af795.tar.bz2 nixlib-01b645e872107806e61cf54cc1415a843f3af795.tar.lz nixlib-01b645e872107806e61cf54cc1415a843f3af795.tar.xz nixlib-01b645e872107806e61cf54cc1415a843f3af795.tar.zst nixlib-01b645e872107806e61cf54cc1415a843f3af795.zip |
nixos/doas: default rule should be first
In /etc/doas.conf, the last-matched rule will override all previously-matched rules. Thus, make the default rule show up first (but still allow some wiggle room for a user to `mkBefore` it), before any user-defined rules.
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/doas.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/doas.nix b/nixos/modules/security/doas.nix index 1991a58db60d..b81f2d0c2d52 100644 --- a/nixos/modules/security/doas.nix +++ b/nixos/modules/security/doas.nix @@ -223,7 +223,7 @@ in config = mkIf cfg.enable { - security.doas.extraRules = [ + security.doas.extraRules = mkOrder 600 [ { groups = [ "wheel" ]; noPass = !cfg.wheelNeedsPassword; |