author | Joachim Fasting <joachifm@fastmail.fm> | 2018-11-24 18:37:46 +0100 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2018-12-27 15:00:46 +0100 |
commit | 9db84f6fcdb2616471abb6a427a2b21fe8a8255f (patch) | |
tree | dfd14c072af26d4572510f4c55f4c8886abcff41 /nixos/modules/security/misc.nix | |
parent | 2534dddaa96af8faa442ba7ac360966c7990e773 (diff) |
nixos/security/misc: use mkMerge for easier extension
Diffstat (limited to 'nixos/modules/security/misc.nix')
-rw-r--r-- | nixos/modules/security/misc.nix | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix
index 42f872b7b088..f3fc6db22ead 100644
--- a/nixos/modules/security/misc.nix
+++ b/nixos/modules/security/misc.nix
@@ -24,16 +24,18 @@ with lib;
 };
 };
- config = mkIf (!config.security.allowUserNamespaces) {
- # Setting the number of allowed user namespaces to 0 effectively disables
- # the feature at runtime. Note that root may raise the limit again
- # at any time.
- boot.kernel.sysctl."user.max_user_namespaces" = 0;
+ config = mkMerge [
+ (mkIf (!config.security.allowUserNamespaces) {
+ # Setting the number of allowed user namespaces to 0 effectively disables
+ # the feature at runtime. Note that root may raise the limit again
+ # at any time.
+ boot.kernel.sysctl."user.max_user_namespaces" = 0;
- assertions = [
- { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
- message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
- }
- ];
- };
+ assertions = [
+ { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
+ message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
+ }
+ ];
+ })
+ ];
 } |
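Review bot: The assertion carried into the new `mkIf` block applies `->` directly to `config.nix.useSandbox`, and `->` only evaluates when its left operand is a boolean. The option declaration is outside this hunk, but if `nix.useSandbox` can also hold a non-boolean value (I believe its type accepts `"relaxed"` as well; please confirm), that setting would abort evaluation with a type error instead of showing the intended conflict message. Writing the check as `assertion = (config.nix.useSandbox != false) -> config.security.allowUserNamespaces;` keeps the guard working for every sandbox mode, and the message could then drop `= true`. Since this block is now one entry in a `mkMerge` list meant to grow, a short comment above the `mkIf` saying that the sysctl is a runtime limit and not a hard guarantee would help whoever adds the next hardening entry.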