diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-03-17 17:57:00 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-17 17:57:00 +0000 |
commit | d761f698675668cfe0a03a42a240f012321466f6 (patch) | |
tree | ffd9a50e84d73602d81d86e41bca802566e7550b /nixos/modules/security | |
parent | d621e7e1ac9d8a8eda6d35923f79c5d2b3d80130 (diff) | |
parent | 5feb5054bb08ba779bd2560a44cf7d18ddf37fea (diff) |
Merge master into staging-next
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/doas.nix | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/nixos/modules/security/doas.nix b/nixos/modules/security/doas.nix index be30a6b92e267..115ca33efb5c5 100644 --- a/nixos/modules/security/doas.nix +++ b/nixos/modules/security/doas.nix @@ -75,7 +75,9 @@ in {file}`/etc/doas.conf` file. More specific rules should come after more general ones in order to yield the expected behavior. You can use `mkBefore` and/or `mkAfter` to ensure - this is the case when configuration options are merged. + this is the case when configuration options are merged. Be aware that + this option cannot be used to override the behaviour allowing + passwordless operation for root. ''; example = literalExpression '' [ @@ -224,7 +226,9 @@ in type = with types; lines; default = ""; description = lib.mdDoc '' - Extra configuration text appended to {file}`doas.conf`. + Extra configuration text appended to {file}`doas.conf`. Be aware that + this option cannot be used to override the behaviour allowing + passwordless operation for root. ''; }; }; @@ -266,14 +270,14 @@ in # completely replace the contents of this file, use # `environment.etc."doas.conf"`. - # "root" is allowed to do anything. - permit nopass keepenv root - # extraRules ${concatStringsSep "\n" (lists.flatten (map mkRule cfg.extraRules))} # extraConfig ${cfg.extraConfig} + + # "root" is allowed to do anything. + permit nopass keepenv root ''; preferLocalBuild = true; } |