diff options
| author | nicoo <nicoo@mur.at> | 2023-09-07 14:36:29 +0000 |
|---|---|---|
| committer | nicoo <nicoo@mur.at> | 2023-09-18 17:36:15 +0000 |
| commit | c11da39117871fce949423b3e27da6b796d36957 (patch) | |
| tree | ff36a5f8eb1e9d0e43cfe15c269f42e3ebcad7ac /nixos/modules/security | |
| parent | 717e51a140d6af347b5362ddb149a2c343b947b8 (diff) | |
nixos/sudo: Drop the sudoers comment for `extraRules`
All rules are now handled through `extraRules`, and it is never empty so `optionalString` isn't needed either.
Diffstat (limited to 'nixos/modules/security')
| -rw-r--r-- | nixos/modules/security/sudo.nix | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index 882e3d18aa430..4bf214f73eaff 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -240,19 +240,16 @@ in # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. Defaults env_keep+=SSH_AUTH_SOCK '') - (optionalString (cfg.extraRules != []) '' - # extraRules - ${concatStringsSep "\n" ( - lists.flatten ( - map ( - rule: optionals (length rule.commands != 0) [ - (map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users) - (map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups) - ] - ) cfg.extraRules - ) - )} - '') + (concatStringsSep "\n" ( + lists.flatten ( + map ( + rule: optionals (length rule.commands != 0) [ + (map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users) + (map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups) + ] + ) cfg.extraRules + ) + ) + "\n") (optionalString (cfg.extraConfig != "") '' # extraConfig ${cfg.extraConfig} |