diff options
| author | nessdoor <entropy.overseer@entropic.network> | 2024-05-20 18:28:31 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-20 12:28:31 -0400 |
| commit | 633479572e40312f0b38936a3262a073242a25c2 (patch) | |
| tree | 5e1f28b205a003719cde0f357eff16a3a3a55ad4 /nixos/modules/config/nsswitch.nix | |
| parent | bef59fb52c35e64e418a8d4027576c12a51ec3f3 (diff) | |
nixos/nsswitch: add support for overriding sudoers entries (#310818)
Diffstat (limited to 'nixos/modules/config/nsswitch.nix')
| -rw-r--r-- | nixos/modules/config/nsswitch.nix | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index c7ba9b8eec6a..fe0402ee9e66 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -12,7 +12,7 @@ with lib; system.nssModules = mkOption { type = types.listOf types.path; internal = true; - default = []; + default = [ ]; description = '' Search path for NSS (Name Service Switch) modules. This allows several DNS resolution methods to be specified via @@ -35,7 +35,7 @@ with lib; This option only takes effect if nscd is enabled. ''; - default = []; + default = [ ]; }; group = mkOption { @@ -47,7 +47,7 @@ with lib; This option only takes effect if nscd is enabled. ''; - default = []; + default = [ ]; }; shadow = mkOption { @@ -59,7 +59,19 @@ with lib; This option only takes effect if nscd is enabled. ''; - default = []; + default = [ ]; + }; + + sudoers = mkOption { + type = types.listOf types.str; + description = '' + List of sudoers entries to configure in {file}`/etc/nsswitch.conf`. + + Note that "files" is always prepended. + + This option only takes effect if nscd is enabled. + ''; + default = [ ]; }; hosts = mkOption { @@ -71,7 +83,7 @@ with lib; This option only takes effect if nscd is enabled. ''; - default = []; + default = [ ]; }; services = mkOption { @@ -83,7 +95,7 @@ with lib; This option only takes effect if nscd is enabled. ''; - default = []; + default = [ ]; }; }; }; @@ -112,6 +124,7 @@ with lib; passwd: ${concatStringsSep " " config.system.nssDatabases.passwd} group: ${concatStringsSep " " config.system.nssDatabases.group} shadow: ${concatStringsSep " " config.system.nssDatabases.shadow} + sudoers: ${concatStringsSep " " config.system.nssDatabases.sudoers} hosts: ${concatStringsSep " " config.system.nssDatabases.hosts} networks: files @@ -126,6 +139,7 @@ with lib; passwd = mkBefore [ "files" ]; group = mkBefore [ "files" ]; shadow = mkBefore [ "files" ]; + sudoers = mkBefore [ "files" ]; hosts = mkMerge [ (mkOrder 998 [ "files" ]) (mkOrder 1499 [ "dns" ]) |