authornicoo <nicoo@mur.at>2023-10-22 18:58:12 +0000
committergithub-actions[bot] <github-actions[bot]@users.noreply.github.com>2023-11-26 18:58:00 +0000
commit1fb44a71bc67fadcb6075979822ce68a92283d22 (patch)
tree32f5e8e90e1619b50cf9403ba453c6a4032c7894 /nixos
parentfac6fb2af223bad13dc95d92a74366599c9c9603 (diff)
nixos/sudo-rs: Simplify activation
(cherry picked from commit b05648b541f6747ab68a2b245d453ed2f8a5da85)
Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-2311.section.md2
-rw-r--r--nixos/modules/security/sudo-rs.nix6
-rw-r--r--nixos/tests/sudo-rs.nix4
3 files changed, 7 insertions, 5 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
index 355e4efa56acd..c493bece8d206 100644
--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -22,7 +22,7 @@
 
 - [`sudo-rs`], a reimplementation of `sudo` in Rust, is now supported.
   An experimental new module `security.sudo-rs` was added.
-  Switching to it (via `security.sudo.enable = false; security.sudo-rs.enable = true;`) introduces
+  Switching to it (via ` security.sudo-rs.enable = true;`) introduces
   slight changes in sudo behaviour, due to `sudo-rs`' current limitations:
   - terminfo-related environment variables aren't preserved for `root` and `wheel`;
   - `root` and `wheel` are not given the ability to set (or preserve)
diff --git a/nixos/modules/security/sudo-rs.nix b/nixos/modules/security/sudo-rs.nix
index 6b8f09a8d3d0c..3f872e76df2cd 100644
--- a/nixos/modules/security/sudo-rs.nix
+++ b/nixos/modules/security/sudo-rs.nix
@@ -208,6 +208,12 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
+    assertions = [ {
+      assertion = ! config.security.sudo.enable;
+      message = "`security.sudo` and `security.sudo-rs` cannot both be enabled";
+    }];
+    security.sudo.enable = mkDefault false;
+
     security.sudo-rs.extraRules =
       let
         defaultRule = { users ? [], groups ? [], opts ? [] }: [ {
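Review bot: The added `security.sudo.enable = mkDefault false;` and the assertion above it depend on option priorities that nothing in the hunk explains, and the assertion message does not say how to resolve the conflict. `mkDefault` overrides the option's built-in default, while an explicit `security.sudo.enable = true;` elsewhere takes precedence and trips the assertion; that fail-closed behaviour deserves a comment such as `# mkDefault: an explicit security.sudo.enable = true must hit the assertion, not be silently overridden`. The message text could end with `; set security.sudo.enable = false or disable security.sudo-rs`. Because switching now takes a single option, rules a host keeps under `security.sudo.*` presumably stop applying without notice; confirm this against the sudo module and say so in the release note. The `config` block continues outside the hunk.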
diff --git a/nixos/tests/sudo-rs.nix b/nixos/tests/sudo-rs.nix
index 6006863217b69..59a9280d862ad 100644
--- a/nixos/tests/sudo-rs.nix
+++ b/nixos/tests/sudo-rs.nix
@@ -22,8 +22,6 @@ in
           test5 = { isNormalUser = true; };
         };
 
-        security.sudo.enable = false;
-
         security.sudo-rs = {
           enable = true;
           package = pkgs.sudo-rs;
@@ -56,8 +54,6 @@ in
         noadmin = { isNormalUser = true; };
       };
 
-      security.sudo.enable = false;
-
       security.sudo-rs = {
         package = pkgs.sudo-rs;
         enable = true;