From 1a5acce391490a45bca85941b319e5f21fef337d Mon Sep 17 00:00:00 2001
From: Noah Santschi-Cooney
Date: Tue, 2 Apr 2024 15:15:53 +0100
Subject: [PATCH 1/2] nixos/sudo: update command options enum for newer sudo version
The enum of allowed command options (NOPASSWD, NOEXEC etc) had not been updated when bumping sudo version. MAIL/NOMAIL were added in [1.8.13](https://www.sudo.ws/releases/legacy/#1.8.13), FOLLOW/NOFOLLOW were added in [1.8.15](https://www.sudo.ws/releases/legacy/#1.8.15) and INTERCEPT/NOINTERCEPT in [1.9.8](https://www.sudo.ws/releases/stable/#1.9.8)
---
 nixos/modules/security/sudo.nix | 4 ++--
 pkgs/tools/security/sudo/default.nix | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index 6aa9445eab65..92ab2cf63bec 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -163,9 +163,9 @@ in
 };
 options = mkOption {
- type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" "LOG_INPUT" "NOLOG_INPUT" "LOG_OUTPUT" "NOLOG_OUTPUT" ]);
+ type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" "LOG_INPUT" "NOLOG_INPUT" "LOG_OUTPUT" "NOLOG_OUTPUT" "MAIL" "NOMAIL" "FOLLOW" "NOFLLOW" "INTERCEPT" "NOINTERCEPT"]);
 description = mdDoc ''
- Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/man/1.7.10/sudoers.man.html).
+ Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/docs/man/1.9.15/sudoers.man/).
 '';
 default = [];
 };
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index 996baca2567f..a2501cb34f58 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
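Review bot: The new enum in nixos/modules/security/sudo.nix spells one tag `"NOFLLOW"`, while the commit message names it NOFOLLOW, so a rule that sets `options = [ "NOFOLLOW" ]` fails the option's type check and the misspelled value passes it, presumably ending up in the generated sudoers as a tag sudo does not recognise. The entry should read `"FOLLOW" "NOFOLLOW"`. The same spelling is still in the `type` context line of the PATCH 2/2 hunk, so the follow-up commit does not correct it. NOFOLLOW is the tag that keeps sudoedit from opening symbolic links, which makes it one an administrator hardening a rule would want to be able to set explicitly. The closing bracket also lacks the space the opening one has (`"NOINTERCEPT"]`).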
@@ -14,6 +14,8 @@
 stdenv.mkDerivation (finalAttrs: {
 pname = "sudo";
+ # be sure to check if nixos/modules/security/sudo.nix needs updating when bumping
+ # e.g. links to man pages, value constraints etc.
 version = "1.9.15p5";
 src = fetchurl {
From 5c4858ad7ba00640baa8747144526c41bec5c4c4 Mon Sep 17 00:00:00 2001
From: Noah S-C
Date: Wed, 3 Apr 2024 17:52:28 +0100
Subject: [PATCH 2/2] More specific link to tag spec
Co-authored-by: Aleksana
---
 nixos/modules/security/sudo.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index 92ab2cf63bec..e2e0a981ca92 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -165,7 +165,7 @@ in
 options = mkOption {
 type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" "LOG_INPUT" "NOLOG_INPUT" "LOG_OUTPUT" "NOLOG_OUTPUT" "MAIL" "NOMAIL" "FOLLOW" "NOFLLOW" "INTERCEPT" "NOINTERCEPT"]);
 description = mdDoc ''
- Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/docs/man/1.9.15/sudoers.man/).
+ Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/docs/man/1.9.15/sudoers.man/#Tag_Spec).
 '';
 default = [];
 };