diff options
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/security/sudo.nix | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index aab5213d6dc5..03f38b543d66 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -32,6 +32,15 @@ in options.security.sudo = { + defaultOptions = mkOption { + type = with types; listOf str; + default = [ "SETENV" ]; + description = mdDoc '' + Options used for the default rules, granting `root` and the + `wheel` group permission to run any command as any user. + ''; + }; + enable = mkEnableOption (mdDoc '' the {command}`sudo` command, which allows non-root users to execute commands as root. ''); @@ -188,8 +197,8 @@ in inherit users groups; commands = [ { command = "ALL"; - options = opts ++ [ "SETENV" ]; - } ]; + options = opts ++ cfg.defaultOptions; + } ]; } ]; in mkMerge [ # This is ordered before users' `mkBefore` rules, |