pyrox.dev / nixpkgs
lol
fork atom

nixos/sudo-rs: init

adds a new sudo-rs module that contains sudo-rs changes removed from sudo module

Maciej Krüger 7c8b8bd3 57d41f97

options
unified split
Changed files
+10 -9
nixos
modules
module-list.nix
security
sudo-rs.nix
+1
nixos/modules/module-list.nix 
···

       
311

       
311

       
 

       
  ./security/rngd.nix


     

       
312

       
312

       
 

       
  ./security/rtkit.nix


     

       
313

       
313

       
 

       
  ./security/sudo.nix


     

       

       
314

       
+

       
  ./security/sudo-rs.nix


     

       
314

       
315

       
 

       
  ./security/systemd-confinement.nix


     

       
315

       
316

       
 

       
  ./security/tpm2.nix


     

       
316

       
317

       
 

       
  ./security/wrappers/default.nix
+9 -9
nixos/modules/security/sudo-rs.nix 
···

       
6

       
6

       
 

       



     

       
7

       
7

       
 

       
  inherit (pkgs) sudo sudo-rs;


     

       
8

       
8

       
 

       



     

       
9

       

       
-

       
  cfg = config.security.sudo;


     

       

       
9

       
+

       
  cfg = config.security.sudo-rs;


     

       
10

       
10

       
 

       



     

       
11

       
11

       
 

       
  enableSSHAgentAuth =


     

       
12

       
12

       
 

       
    with config.security;


     
···

       
37

       
37

       
 

       



     

       
38

       
38

       
 

       
  ###### interface


     

       
39

       
39

       
 

       



     

       
40

       

       
-

       
  options.security.sudo = {


     

       

       
40

       
+

       
  options.security.sudo-rs = {


     

       
41

       
41

       
 

       



     

       
42

       
42

       
 

       
    defaultOptions = mkOption {


     

       
43

       
43

       
 

       
      type = with types; listOf str;


     
···

       
53

       
53

       
 

       



     

       
54

       
54

       
 

       
    enable = mkOption {


     

       
55

       
55

       
 

       
      type = types.bool;


     

       
56

       

       
-

       
      default = true;


     

       

       
56

       
+

       
      default = false;


     

       
57

       
57

       
 

       
      description = mdDoc ''


     

       
58

       
58

       
 

       
        Whether to enable the {command}`sudo` command, which


     

       
59

       
59

       
 

       
        allows non-root users to execute commands as root.


     
···

       
62

       
62

       
 

       



     

       
63

       
63

       
 

       
    package = mkOption {


     

       
64

       
64

       
 

       
      type = types.package;


     

       
65

       

       
-

       
      default = pkgs.sudo;


     

       
66

       

       
-

       
      defaultText = literalExpression "pkgs.sudo";


     

       

       
65

       
+

       
      default = pkgs.sudo-rs;


     

       

       
66

       
+

       
      defaultText = literalExpression "pkgs.sudo-rs";


     

       
67

       
67

       
 

       
      description = mdDoc ''


     

       
68

       
68

       
 

       
        Which package to use for `sudo`.


     

       
69

       
69

       
 

       
      '';


     
···

       
208

       
208

       
 

       
  ###### implementation


     

       
209

       
209

       
 

       



     

       
210

       
210

       
 

       
  config = mkIf cfg.enable {


     

       
211

       

       
-

       
    security.sudo.extraRules =


     

       

       
211

       
+

       
    security.sudo-rs.extraRules =


     

       
212

       
212

       
 

       
      let


     

       
213

       
213

       
 

       
        defaultRule = { users ? [], groups ? [], opts ? [] }: [ {


     

       
214

       
214

       
 

       
          inherit users groups;


     
···

       
230

       
230

       
 

       
        }))


     

       
231

       
231

       
 

       
      ];


     

       
232

       
232

       
 

       



     

       
233

       

       
-

       
    security.sudo.configFile = concatStringsSep "\n" (filter (s: s != "") [


     

       

       
233

       
+

       
    security.sudo-rs.configFile = concatStringsSep "\n" (filter (s: s != "") [


     

       
234

       
234

       
 

       
      ''


     

       
235

       

       
-

       
        # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’


     

       
236

       

       
-

       
        # or ‘security.sudo.extraRules’ instead.


     

       

       
235

       
+

       
        # Don't edit this file. Set the NixOS options ‘security.sudo-rs.configFile’


     

       

       
236

       
+

       
        # or ‘security.sudo-rs.extraRules’ instead.


     

       
237

       
237

       
 

       
      ''


     

       
238

       
238

       
 

       
      (optionalString enableSSHAgentAuth ''


     

       
239

       
239

       
 

       
        # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.