From 1e8b8e6d38be9bc0ec887e71e4ee8b0f50a4ddcd Mon Sep 17 00:00:00 2001
From: Andreas Wiese <aw-nixos@meterriblecrew.net>
Date: Wed, 27 Sep 2023 11:22:09 +0200
Subject: nixos/usbguard: don't use path literal for pure evaluation

PR#256295 reintroduced ruleFile option, but set the default as a path
literal, which was a "string path" previously.  This breaks evaluation
for being impure:

  error: access to absolute path '/var/lib/usbguard/rules.conf' is forbidden in pure eval mode (use '--impure' to override)
---
 nixos/modules/services/security/usbguard.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'nixos/modules/services/security')

diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix
index 483bfe046df2..071e69975143 100644
--- a/nixos/modules/services/security/usbguard.nix
+++ b/nixos/modules/services/security/usbguard.nix
@@ -51,8 +51,8 @@ in
 
       ruleFile = mkOption {
         type = types.nullOr types.path;
-        default = /var/lib/usbguard/rules.conf;
-        example = /run/secrets/usbguard-rules;
+        default = "/var/lib/usbguard/rules.conf";
+        example = "/run/secrets/usbguard-rules";
         description = lib.mdDoc ''
           This tells the USBGuard daemon which file to load as policy rule set.
 
-- 
cgit 1.4.1