From a025e848e0c60b327745c2a59712aeece3153632 Mon Sep 17 00:00:00 2001
From: Peter Simons <simons@cryp.to>
Date: Mon, 13 Aug 2012 14:37:32 +0200
Subject: [PATCH] modules/security/sudo.nix: added 'wheelNeedsPassword' option
 (default: true)

Change this setting to 'false' to allow users in the 'wheel' group to execute
commands as super user without entering a password.
---
 modules/security/sudo.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/modules/security/sudo.nix b/modules/security/sudo.nix
index e3e463e155f..211ff8a9609 100644
--- a/modules/security/sudo.nix
+++ b/modules/security/sudo.nix
@@ -25,6 +25,15 @@ in
         '';
     };
 
+    security.sudo.wheelNeedsPassword = mkOption {
+      default = true;
+      description =
+        ''
+          Whether users of the <code>wheel</code> group can execute
+          commands as super user without entering a password.
+	'';
+      };
+
     security.sudo.configFile = mkOption {
       # Note: if syntax errors are detected in this file, the NixOS
       # configuration will fail to build.
@@ -45,7 +54,7 @@ in
           root        ALL=(ALL) SETENV: ALL
 
           # Users in the "wheel" group can do anything.
-          %wheel      ALL=(ALL) SETENV: ALL
+          %wheel      ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
         '';
       description =
         ''