colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/sudo: Drop the sudoers comment for extraRules

Browse Source 
All rules are now handled through `extraRules`,
and it is never empty so `optionalString` isn't needed either.
This commit is contained in:
nicoo 2023-09-07 14:36:29 +00:00
parent 717e51a140
commit c11da39117
1 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
nixos/modules/security/sudo.nix
View File

@ -240,19 +240,16 @@ in
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
'')
(optionalString (cfg.extraRules != []) ''
# extraRules
${concatStringsSep "\n" (
lists.flatten (
map (
rule: optionals (length rule.commands != 0) [
(map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users)
(map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups)
]
) cfg.extraRules
)
)}
'')
(concatStringsSep "\n" (
lists.flatten (
map (
rule: optionals (length rule.commands != 0) [
(map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users)
(map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups)
]
) cfg.extraRules
)
) + "\n")
(optionalString (cfg.extraConfig != "") ''
# extraConfig
${cfg.extraConfig}