author | Maciej Krüger <mkg20001@gmail.com> | 2023-09-21 14:58:59 +0200 |
---|---|---|
committer | Maciej Krüger <mkg20001@gmail.com> | 2023-09-22 15:14:13 +0200 |
commit | 7c8b8bd3e43a93c3c8e3d2e0ba1839538d37ca2d (patch) | |
tree | f103ce4b6f392d02f932f1920ea3c8fd381d4b11 /nixos | |
parent | 57d41f97514d95fa6e4dcb73885e6af3a50209be (diff) | |
nixos/sudo-rs: init
Adds a new sudo-rs module that contains the sudo-rs changes removed from the sudo module.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/security/sudo-rs.nix | 18 |
2 files changed, 10 insertions, 9 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index e17d430e59b6..22724138d5dd 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -311,6 +311,7 @@
 ./security/rngd.nix
 ./security/rtkit.nix
 ./security/sudo.nix
+ ./security/sudo-rs.nix
 ./security/systemd-confinement.nix
 ./security/tpm2.nix
 ./security/wrappers/default.nix
diff --git a/nixos/modules/security/sudo-rs.nix b/nixos/modules/security/sudo-rs.nix
index 4bdbe9671e6d..83bef3bbf91c 100644
--- a/nixos/modules/security/sudo-rs.nix
+++ b/nixos/modules/security/sudo-rs.nix
@@ -6,7 +6,7 @@ let
 inherit (pkgs) sudo sudo-rs;
- cfg = config.security.sudo;
+ cfg = config.security.sudo-rs;
 enableSSHAgentAuth = with config.security;
@@ -37,7 +37,7 @@ in
 ###### interface
- options.security.sudo = {
+ options.security.sudo-rs = {
 defaultOptions = mkOption { type = with types; listOf str;
@@ -53,7 +53,7 @@ in
 enable = mkOption { type = types.bool;
- default = true;
+ default = false;
 description = mdDoc '' Whether to enable the {command}`sudo` command, which allows non-root users to execute commands as root.
@@ -62,8 +62,8 @@ in
 package = mkOption { type = types.package;
- default = pkgs.sudo;
- defaultText = literalExpression "pkgs.sudo";
+ default = pkgs.sudo-rs;
+ defaultText = literalExpression "pkgs.sudo-rs";
 description = mdDoc '' Which package to use for `sudo`. '';
@@ -208,7 +208,7 @@ in
 ###### implementation config = mkIf cfg.enable {
- security.sudo.extraRules =
+ security.sudo-rs.extraRules =
 let defaultRule = { users ? [], groups ? [], opts ? [] }: [ { inherit users groups;
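Review bot: The option descriptions in the `enable` hunk (-53) and the `package` hunk (-62) were carried over unchanged and still speak only of `sudo`. The rendered documentation for `security.sudo-rs.enable` therefore does not tell an administrator that this option selects a different implementation of the privilege-escalation binary. Suggest rewording them, for example `Whether to enable sudo-rs, a Rust implementation of the sudo command, which allows non-root users to execute commands as root.` and `Which package to use for sudo-rs.` Both `mkOption` blocks extend beyond their hunks.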
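Review bot: Nothing visible in the `config = mkIf cfg.enable` block at the -208 hunk stops `security.sudo-rs.enable` from being set while `security.sudo.enable` is also true. The removed `default = true` in the -53 hunk suggests the original sudo module stays on by default. The block continues outside the hunk; if it defines the same setuid wrapper, sudoers file and PAM service as the sudo module, enabling both would give conflicting definitions or leave it unclear which privileged binary is installed. An explicit guard would fail clearly at evaluation time, for example `assertions = [ { assertion = !config.security.sudo.enable; message = "security.sudo and security.sudo-rs cannot both be enabled"; } ];`.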
@@ -230,10 +230,10 @@ in
 })) ];
- security.sudo.configFile = concatStringsSep "\n" (filter (s: s != "") [
+ security.sudo-rs.configFile = concatStringsSep "\n" (filter (s: s != "") [
 ''
- # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
- # or ‘security.sudo.extraRules’ instead.
+ # Don't edit this file. Set the NixOS options ‘security.sudo-rs.configFile’
+ # or ‘security.sudo-rs.extraRules’ instead.
 '' (optionalString enableSSHAgentAuth '' # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. |