diff options
| -rw-r--r-- | nixos/modules/security/sudo.nix | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index e3e43177def3..1ed5269c5ae7 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -173,7 +173,9 @@ in config = mkIf cfg.enable { - security.sudo.extraRules = [ + # We `mkOrder 600` so that the default rule shows up first, but there is + # still enough room for a user to `mkBefore` it. + security.sudo.extraRules = mkOrder 600 [ { groups = [ "wheel" ]; commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ]; } |