diff options
| author | nicoo <nicoo@mur.at> | 2023-10-22 19:22:44 +0000 |
|---|---|---|
| committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2023-11-26 18:58:00 +0000 |
| commit | 6dd11c64ed3bf65acbc0a2ec5293b8af5a1e8072 (patch) | |
| tree | 6de64f6e9c80b56ec52f8cdbf07e7d34281c0e50 /nixos/modules | |
| parent | 6c19b0636125e67ddf61942107adfa766ebc34d7 (diff) | |
nixos/sudo-rs: Drop checks for sudo implementation
(cherry picked from commit 165b600f01f1d6fc2cde701a50bd033a817912e6)
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/security/sudo-rs.nix | 18 |
1 files changed, 3 insertions, 15 deletions
diff --git a/nixos/modules/security/sudo-rs.nix b/nixos/modules/security/sudo-rs.nix index 2ef9cae8caf8e..dcbbc2da64411 100644 --- a/nixos/modules/security/sudo-rs.nix +++ b/nixos/modules/security/sudo-rs.nix @@ -9,9 +9,6 @@ let inherit (config.security.pam) enableSSHAgentAuth; inherit (pkgs) sudo sudo-rs; - usingMillersSudo = cfg.package.pname == sudo.pname; - usingSudoRs = cfg.package.pname == sudo-rs.pname; - toUserString = user: if (isInt user) then "#${toString user}" else "${user}"; toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}"; @@ -38,10 +35,7 @@ in defaultOptions = mkOption { type = with types; listOf str; - default = optional usingMillersSudo "SETENV"; - defaultText = literalMD '' - `[ "SETENV" ]` if using the default `sudo` implementation - ''; + default = []; description = mdDoc '' Options used for the default rules, granting `root` and the `wheel` group permission to run any command as any user. @@ -268,18 +262,12 @@ in source = "${cfg.package.out}/bin/sudo"; inherit owner group setuid permissions; }; - # sudo-rs does not yet ship a sudoedit (as of v0.2.0) - sudoedit = mkIf usingMillersSudo { - source = "${cfg.package.out}/bin/sudoedit"; - inherit owner group setuid permissions; - }; }; environment.systemPackages = [ sudo ]; security.pam.services.sudo = { sshAgentAuth = true; usshAuth = true; }; - security.pam.services.sudo-i = mkIf usingSudoRs - { sshAgentAuth = true; usshAuth = true; }; + security.pam.services.sudo-i = { sshAgentAuth = true; usshAuth = true; }; environment.etc.sudoers = { source = @@ -288,7 +276,7 @@ in src = pkgs.writeText "sudoers-in" cfg.configFile; preferLocalBuild = true; } - "${pkgs.buildPackages."${cfg.package.pname}"}/bin/visudo -f $src -c && cp $src $out"; + "${pkgs.buildPackages.sudo-rs}/bin/visudo -f $src -c && cp $src $out"; mode = "0440"; }; |