about summary refs log tree commit diff
path: root/nixos/modules/security/sudo.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/security/sudo.nix')
-rw-r--r--nixos/modules/security/sudo.nix12
1 files changed, 8 insertions, 4 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index c665c15242a5..4728a697de86 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -203,7 +203,7 @@ in
       }
     ];
 
-    security.sudo.configFile =
+    security.sudo.configFile = concatStringsSep "\n" (filter (s: s != "") [
       ''
         # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
         # or ‘security.sudo.extraRules’ instead.
@@ -213,7 +213,8 @@ in
 
         # "root" is allowed to do anything.
         root        ALL=(ALL:ALL) SETENV: ALL
-
+      ''
+      (optionalString (cfg.extraRules != []) ''
         # extraRules
         ${concatStringsSep "\n" (
           lists.flatten (
@@ -225,9 +226,12 @@ in
             ) cfg.extraRules
           )
         )}
-
+      '')
+      (optionalString (cfg.extraConfig != "") ''
+        # extraConfig
         ${cfg.extraConfig}
-      '';
+      '')
+    ]);
 
     security.wrappers = let
       owner = "root";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-17 00:52:48 +0000