authornicoo <nicoo@mur.at>2023-10-25 22:24:04 +0000
committernicoo <nicoo@mur.at>2023-11-25 14:11:24 +0000
commit03db94319af0d0c9bab329f9db33e62d916127c8 (patch)
tree3d0c5ab7a5e40c83ce61f9e5e40358161b5a406e /nixos/modules/security
parent211c4b0545309a8a95a4026dca49793a61b0719e (diff)
nixos/sudo-rs: refactor processing of `cfg.extraRules`
Diffstat (limited to 'nixos/modules/security')
-rw-r--r--nixos/modules/security/sudo-rs.nix21
1 files changed, 10 insertions, 11 deletions
diff --git a/nixos/modules/security/sudo-rs.nix b/nixos/modules/security/sudo-rs.nix
index 1351734c1f933..1c1cc32fa79ed 100644
--- a/nixos/modules/security/sudo-rs.nix
+++ b/nixos/modules/security/sudo-rs.nix
@@ -7,7 +7,6 @@ let
   cfg = config.security.sudo-rs;
 
   inherit (config.security.pam) enableSSHAgentAuth;
-  inherit (pkgs) sudo-rs;
 
   toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
   toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}";
@@ -236,16 +235,16 @@ in
         # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
         Defaults env_keep+=SSH_AUTH_SOCK
       '')
-      (concatStringsSep "\n" (
-        lists.flatten (
-          map (
-            rule: optionals (length rule.commands != 0) [
-              (map (user: "${toUserString user}	${rule.host}=(${rule.runAs})	${toCommandsString rule.commands}") rule.users)
-              (map (group: "${toGroupString group}	${rule.host}=(${rule.runAs})	${toCommandsString rule.commands}") rule.groups)
-            ]
-          ) cfg.extraRules
-        )
-      ) + "\n")
+      (pipe cfg.extraRules [
+        (filter (rule: length rule.commands != 0))
+        (map (rule: [
+          (map (user: "${toUserString user}     ${rule.host}=(${rule.runAs})    ${toCommandsString rule.commands}") rule.users)
+          (map (group: "${toGroupString group}  ${rule.host}=(${rule.runAs})    ${toCommandsString rule.commands}") rule.groups)
+        ]))
+        flatten
+        (concatStringsSep "\n")
+      ])
+      "\n"
       (optionalString (cfg.extraConfig != "") ''
         # extraConfig
         ${cfg.extraConfig}
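Review bot: The `"\n"` on the line after the `pipe` call is now a separate list element instead of being appended to the joined rules, so the generated sudoers text is unchanged only if the enclosing expression, which starts outside this hunk, concatenates its elements without a separator. If that expression joins with newlines, the file gains an extra blank line after the rules. As far as this rendering shows, the field separators inside the two `map` strings are also runs of spaces where the removed lines had tabs. Since the commit is described as a refactor of a file that grants privileges, I would keep the newline inside the pipeline with a final stage such as `(rules: concatStringsSep "\n" rules + "\n")`. Comparing the rendered sudoers file before and after the change would confirm the output is equivalent.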