modules/security/sudo.nix: added 'wheelNeedsPassword' option (default: true)

Change this setting to 'false' to allow users in the 'wheel' group to execute commands as super user without entering a password.
2012-08-13 14:37:32 +02:00 · 2012-08-13 14:37:32 +02:00 · a025e848e0
commit a025e848e0
parent 85997a6692
1 changed files with 10 additions and 1 deletions
--- a/modules/security/sudo.nix
+++ b/modules/security/sudo.nix
@ -25,6 +25,15 @@ in
        '';
    };

+    security.sudo.wheelNeedsPassword = mkOption {
+      default = true;
+      description =
+        ''
+          Whether users of the <code>wheel</code> group can execute
+          commands as super user without entering a password.
+	'';
+      };
+
    security.sudo.configFile = mkOption {
      # Note: if syntax errors are detected in this file, the NixOS
      # configuration will fail to build.
@ -45,7 +54,7 @@ in
          root        ALL=(ALL) SETENV: ALL

          # Users in the "wheel" group can do anything.
-          %wheel      ALL=(ALL) SETENV: ALL
+          %wheel      ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
        '';
      description =
        ''