Merge pull request #87579 from cole-h/sudo

nixos/sudo: default rule should be first
This commit is contained in:
worldofpeace 2020-06-17 20:56:10 -04:00 committed by GitHub
commit d7122c3a32
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -173,7 +173,9 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.sudo.extraRules = [ # We `mkOrder 600` so that the default rule shows up first, but there is
# still enough room for a user to `mkBefore` it.
security.sudo.extraRules = mkOrder 600 [
{ groups = [ "wheel" ]; { groups = [ "wheel" ];
commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ]; commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ];
} }