public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make it easier to append to the default sudo configuration

Browse Source
This commit is contained in:
Eelco Dolstra 2012-11-23 15:14:16 +01:00
parent e76eb7f1a7
commit f3c9c83e04
1 changed files with 20 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
modules/security/sudo.nix
View File

@ -37,25 +37,6 @@ in
security.sudo.configFile = mkOption { security.sudo.configFile = mkOption {
# Note: if syntax errors are detected in this file, the NixOS # Note: if syntax errors are detected in this file, the NixOS
# configuration will fail to build. # configuration will fail to build.
default =
''
# Don't edit this file. Set the NixOS option security.sudo.configFile instead.
# Environment variables to keep for root and %wheel.
Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE
Defaults:root,%wheel env_keep+=NIX_CONF_DIR
Defaults:root,%wheel env_keep+=NIX_PATH
Defaults:root,%wheel env_keep+=TERMINFO_DIRS
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
# "root" is allowed to do anything.
root ALL=(ALL) SETENV: ALL
# Users in the "wheel" group can do anything.
%wheel ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
'';
description = description =
'' ''
This string contains the contents of the This string contains the contents of the
@ -69,6 +50,26 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.sudo.configFile =
''
# Don't edit this file. Set the NixOS option security.sudo.configFile instead.
# Environment variables to keep for root and %wheel.
Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE
Defaults:root,%wheel env_keep+=NIX_CONF_DIR
Defaults:root,%wheel env_keep+=NIX_PATH
Defaults:root,%wheel env_keep+=TERMINFO_DIRS
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
# "root" is allowed to do anything.
root ALL=(ALL) SETENV: ALL
# Users in the "wheel" group can do anything.
%wheel ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
'';
security.setuidPrograms = [ "sudo" ]; security.setuidPrograms = [ "sudo" ];
environment.systemPackages = [ sudo ]; environment.systemPackages = [ sudo ];