nixos/sudo-rs: init

Adds a new sudo-rs module containing the sudo-rs changes that were removed from the sudo module.
Maciej Krüger 2023-09-21 14:58:59 +02:00
parent 57d41f9751
commit 7c8b8bd3e4
No known key found for this signature in database
GPG key ID: 0D948CE19CF49C5F
2 changed files with 10 additions and 9 deletions


@ -311,6 +311,7 @@
./security/rngd.nix
./security/rtkit.nix
./security/sudo.nix
./security/sudo-rs.nix
./security/systemd-confinement.nix
./security/tpm2.nix
./security/wrappers/default.nix


@ -6,7 +6,7 @@ let
inherit (pkgs) sudo sudo-rs;
cfg = config.security.sudo;
cfg = config.security.sudo-rs;
enableSSHAgentAuth =
with config.security;
@ -37,7 +37,7 @@ in
###### interface
options.security.sudo = {
options.security.sudo-rs = {
defaultOptions = mkOption {
type = with types; listOf str;
@ -53,7 +53,7 @@ in
enable = mkOption {
type = types.bool;
default = true;
default = false;
description = mdDoc ''
Whether to enable the {command}`sudo` command, which
allows non-root users to execute commands as root.
@ -62,8 +62,8 @@ in
package = mkOption {
type = types.package;
default = pkgs.sudo;
defaultText = literalExpression "pkgs.sudo";
default = pkgs.sudo-rs;
defaultText = literalExpression "pkgs.sudo-rs";
description = mdDoc ''
Which package to use for `sudo`.
'';
@ -208,7 +208,7 @@ in
###### implementation
config = mkIf cfg.enable {
security.sudo.extraRules =
security.sudo-rs.extraRules =
let
defaultRule = { users ? [], groups ? [], opts ? [] }: [ {
inherit users groups;
@ -230,10 +230,10 @@ in
}))
];
security.sudo.configFile = concatStringsSep "\n" (filter (s: s != "") [
security.sudo-rs.configFile = concatStringsSep "\n" (filter (s: s != "") [
''
# Don't edit this file. Set the NixOS options security.sudo.configFile
# or security.sudo.extraRules instead.
# Don't edit this file. Set the NixOS options security.sudo-rs.configFile
# or security.sudo-rs.extraRules instead.
''
(optionalString enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
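Review bot: Nothing in the visible hunks of the new module stops `security.sudo-rs.enable` from being turned on while `security.sudo.enable` is also on. The two implementations could then compete for the same `sudo` wrapper and sudoers file; this is inferred from the copied option layout, since the rest of the file is not shown. Inside the `config = mkIf cfg.enable {` block, which continues beyond these hunks, I would add `assertions = [ { assertion = !config.security.sudo.enable; message = "security.sudo and security.sudo-rs cannot both be enabled"; } ];`. The `enable` description still carries the generic `sudo` wording. It should say that this option installs the sudo-rs implementation, so an administrator knows which privilege-escalation binary ends up on the system.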