Extra sudo configuration file from:

- system/options.nix - system/system.nix - etc/default.nix svn path=/nixos/branches/fix-style/; revision=13681
2009-01-02 16:07:15 +00:00 · 2009-01-02 16:07:15 +00:00 · 44f1d9f0bf
commit 44f1d9f0bf
parent 79bfab0e07
4 changed files with 90 additions and 47 deletions
--- a/etc/default.nix
+++ b/etc/default.nix
@ -192,19 +192,6 @@ let
    target = "ldap.conf";
  }
    
-  # "sudo" configuration.
-  ++ optional config.security.sudo.enable {
-    source = pkgs.runCommand "sudoers"
-      { src = pkgs.writeText "sudoers-in" (config.security.sudo.configFile);
-      }
-      # Make sure that the sudoers file is syntactically valid.
-      # (currently disabled - NIXOS-66)
-      #"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
-      "cp $src $out";
-    target = "sudoers";
-    mode = "0440";
-  }
-    
  # A bunch of PAM configuration files for various programs.
  ++ (map
    (program:
@ -227,7 +214,6 @@ let
      "login"
      "slim"
      "su"
-      "sudo"
      "other"
      "passwd"
      "shadow"
--- a/system/options.nix
+++ b/system/options.nix
@ -2608,37 +2608,6 @@ in
      };
    };

-    sudo = {
-
-      enable = mkOption {
-        default = true;
-        description = "
-          Whether to enable the <command>sudo</command> command, which
-          allows non-root users to execute commands as root.
-        ";
-      };
-
-      configFile = mkOption {
-        default = "
-# WARNING: do not edit this file directly or with \"visudo\".  Instead,
-# edit the source file in /etc/nixos/nixos/etc/sudoers.
-
-# \"root\" is allowed to do anything.
-root        ALL=(ALL) SETENV: ALL
-
-# Users in the \"wheel\" group can do anything.
-%wheel      ALL=(ALL) SETENV: ALL
-        ";
-        description = "
-          This string contains the contents of the
-          <filename>sudoers</filename> file.  If syntax errors are
-          detected in this file, the NixOS configuration will fail to
-          build. 
-        ";
-      };
-
-    };
-
  };


@ -2853,6 +2822,9 @@ root        ALL=(ALL) SETENV: ALL
    (import ../system/activate-configuration.nix)
    (import ../upstart-jobs/default.nix)

+    # security
+    (import ../system/sudo.nix)
+
    # environment
    (import ../etc/default.nix)

--- a/system/sudo.nix
+++ b/system/sudo.nix
@ -0,0 +1,87 @@
+{pkgs, config, ...}:
+
+###### interface
+let
+  inherit (pkgs.lib) mkOption;
+
+  options = {
+    security = {
+      sudo = {
+
+        enable = mkOption {
+          default = true;
+          description = "
+            Whether to enable the <command>sudo</command> command, which
+            allows non-root users to execute commands as root.
+          ";
+        };
+
+        configFile = mkOption {
+          default = "
+# WARNING: do not edit this file directly or with \"visudo\".  Instead,
+# edit the source file in /etc/nixos/nixos/etc/sudoers.
+
+# \"root\" is allowed to do anything.
+root        ALL=(ALL) SETENV: ALL
+
+# Users in the \"wheel\" group can do anything.
+%wheel      ALL=(ALL) SETENV: ALL
+          ";
+          description = "
+            This string contains the contents of the
+            <filename>sudoers</filename> file.
+          ";
+          # If syntax errors are detected in this file, the NixOS
+          # configuration will fail to build.
+        };
+
+      };
+    };
+  };
+in
+
+###### implementation
+let
+  cfg = config.security.sudo;
+  inherit (pkgs.lib) mkIf;
+  inherit (pkgs) sudo;
+in
+
+mkIf cfg.enable {
+  require = [
+    options
+
+    # config.environment.etc
+    (import ../etc/default.nix)
+
+    # (import ?) # config.environment.extraPackages
+    # (import ?) # config.security.extraSetuidPrograms
+  ];
+
+  security = {
+    extraSetuidPrograms = [
+      "sudo"
+    ];
+  };
+
+  environment = {
+    extraPackages = [ sudo ];
+
+    etc = [
+      {
+        source = ../etc/pam.d/sudo;
+        target = "pam.d/sudo";
+      }
+      {
+        source = pkgs.runCommand "sudoers"
+          { src = pkgs.writeText "sudoers-in" cfg.configFile; }
+          # Make sure that the sudoers file is syntactically valid.
+          # (currently disabled - NIXOS-66)
+          #"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
+          "cp $src $out";
+        target = "sudoers";
+        mode = "0440";
+      }
+    ];
+  };
+}
--- a/system/system.nix
+++ b/system/system.nix
@ -158,7 +158,6 @@ rec {
        pkgs.utillinux
        pkgs.wirelesstools
      ]
-      ++ pkgs.lib.optional config.security.sudo.enable pkgs.sudo
      ++ pkgs.lib.optional config.services.bitlbee.enable pkgs.bitlbee
      ++ pkgs.lib.optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp 
      ++ config.environment.extraPackages
@ -199,7 +198,6 @@ rec {
    setuidPrograms =
      config.security.setuidPrograms ++
      config.security.extraSetuidPrograms ++
-      pkgs.lib.optional config.security.sudo.enable "sudo" ++
      pkgs.lib.optional (config.services.xserver.sessionType == "kde") "kcheckpass" ++
      map ( x : x.program ) config.security.setuidOwners;