diff options
| author | nicoo <nicoo@mur.at> | 2023-09-07 12:08:28 +0000 |
|---|---|---|
| committer | nicoo <nicoo@mur.at> | 2023-09-18 17:35:07 +0000 |
| commit | 8b9e867ac83fdc8a3ec4bd7746b455c2b0b79b2d (patch) | |
| tree | 32db1a0fd9a481a5ea13341f13b994a2314b731a /nixos | |
| parent | f5aadb56bed0bba1c5ade776ac49cb1d8a56ecf9 (diff) | |
nixos/sudo: Refactor checks for Todd C. Miller's implemetation
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/security/sudo.nix | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index 0c6b665ec59b7..a7e16c5d6f83f 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -4,13 +4,15 @@ with lib; let + inherit (pkgs) sudo; + cfg = config.security.sudo; enableSSHAgentAuth = with config.security; pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth; - inherit (pkgs) sudo; + usingMillersSudo = cfg.package.pname == sudo.pname; toUserString = user: if (isInt user) then "#${toString user}" else "${user}"; toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}"; @@ -197,8 +199,8 @@ in config = mkIf cfg.enable { assertions = [ - { assertion = cfg.package.pname != "sudo-rs"; - message = "The NixOS `sudo` module does not work with `sudo-rs` yet."; } + { assertion = usingMillersSudo; + message = "The NixOS `sudo` module does not yet work with other implementations."; } ]; # We `mkOrder 600` so that the default rule shows up first, but there is |