authornicoo <nicoo@mur.at>2023-09-07 12:50:48 +0000
committernicoo <nicoo@mur.at>2023-11-08 19:41:39 +0000
commit1852b67bc60e34ae6e7d3cba51892668a83e1a1d (patch)
tree6041d61fdbdceda5b7f29b09e4f81a2bd0db76f9 /nixos/modules
parent93011e31bddcd11765eff62defb796cc2d373acb (diff)
nixos/sudo: Make the default rules' options configurable
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/security/sudo.nix13
1 files changed, 11 insertions, 2 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index aab5213d6dc5..03f38b543d66 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -32,6 +32,15 @@ in
options.security.sudo = {
+ defaultOptions = mkOption {
+ type = with types; listOf str;
+ default = [ "SETENV" ];
+ description = mdDoc ''
+ Options used for the default rules, granting `root` and the
+ `wheel` group permission to run any command as any user.
+ '';
+ };
+
enable = mkEnableOption (mdDoc ''
the {command}`sudo` command, which allows non-root users to execute commands as root.
'');
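Review bot: The description of `defaultOptions` does not say that its entries are sudoers tags, nor what the default `SETENV` permits, so an administrator cannot tell what they keep or give up by changing it. I would add a sentence such as `These are sudoers tags. The default SETENV lets the invoking user override the environment reset (e.g. with sudo -E); set this to an empty list to remove that permission.` The type `listOf str` also accepts any string, so a misspelt tag would only surface once the sudoers file is generated or parsed. If the module already defines an enum of valid tags for per-rule options (not visible in this hunk), reusing it here would catch such mistakes at evaluation time.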
@@ -188,8 +197,8 @@ in
inherit users groups;
commands = [ {
command = "ALL";
- options = opts ++ [ "SETENV" ];
- } ];
+ options = opts ++ cfg.defaultOptions;
+ } ];
} ];
in mkMerge [
# This is ordered before users' `mkBefore` rules,
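Review bot: In `options = opts ++ cfg.defaultOptions;` the user-supplied tags are appended after `opts`, whose definition lies outside this hunk, and nothing documents how a conflict between the two lists resolves. If `opts` carries a password-related tag, a `PASSWD` or `NOPASSWD` entry in `defaultOptions` would presumably take precedence in the generated rule. Per the option description, that would affect both the `root` and the `wheel` default rules at once. A comment above the line, e.g. `# cfg.defaultOptions comes last, so its tags win over conflicting ones in opts`, or an assertion rejecting password tags in this option, would make the behaviour explicit. The enclosing function begins before the hunk, so how the rule is rendered into sudoers cannot be confirmed from here.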