authornicoo <nicoo@mur.at>2023-10-22 18:58:12 +0000
committergithub-actions[bot] <github-actions[bot]@users.noreply.github.com>2023-11-26 18:58:00 +0000
commit1fb44a71bc67fadcb6075979822ce68a92283d22 (patch)
tree32f5e8e90e1619b50cf9403ba453c6a4032c7894
parentnixos/release-notes: Tidy-up location of `sudo-rs` link definition (diff)
nixos/sudo-rs: Simplify activation
(cherry picked from commit b05648b541f6747ab68a2b245d453ed2f8a5da85)
-rw-r--r--nixos/doc/manual/release-notes/rl-2311.section.md2
-rw-r--r--nixos/modules/security/sudo-rs.nix6
-rw-r--r--nixos/tests/sudo-rs.nix4
3 files changed, 7 insertions, 5 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
index 355e4efa56ac..c493bece8d20 100644
--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -22,7 +22,7 @@
- [`sudo-rs`], a reimplementation of `sudo` in Rust, is now supported.
An experimental new module `security.sudo-rs` was added.
- Switching to it (via `security.sudo.enable = false; security.sudo-rs.enable = true;`) introduces
+ Switching to it (via ` security.sudo-rs.enable = true;`) introduces
slight changes in sudo behaviour, due to `sudo-rs`' current limitations:
- terminfo-related environment variables aren't preserved for `root` and `wheel`;
- `root` and `wheel` are not given the ability to set (or preserve)
diff --git a/nixos/modules/security/sudo-rs.nix b/nixos/modules/security/sudo-rs.nix
index 6b8f09a8d3d0..3f872e76df2c 100644
--- a/nixos/modules/security/sudo-rs.nix
+++ b/nixos/modules/security/sudo-rs.nix
@@ -208,6 +208,12 @@ in
###### implementation
config = mkIf cfg.enable {
+ assertions = [ {
+ assertion = ! config.security.sudo.enable;
+ message = "`security.sudo` and `security.sudo-rs` cannot both be enabled";
+ }];
+ security.sudo.enable = mkDefault false;
+
security.sudo-rs.extraRules =
let
defaultRule = { users ? [], groups ? [], opts ? [] }: [ {
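Review bot: The added `assertions` entry and `security.sudo.enable = mkDefault false;` at the top of the `config = mkIf cfg.enable` block depend on each other, and neither line explains how. With the `mkDefault` in place, the assertion fires only when something else sets `security.sudo.enable = true` at a priority that beats `mkDefault`. A comment above the pair would save the next reader from treating the assertion as dead code, for example `# mkDefault overrides the option's declared default but yields to an explicit setting, which the assertion then rejects`. The message could also name the fix, for example by appending `; set security.sudo.enable = false or disable security.sudo-rs`. Someone who switches by enabling sudo-rs alone may still have rules or hardening options defined under `security.sudo.*`; presumably these no longer take effect once that module is disabled (not visible in this hunk), which may be worth a sentence in the release note. The `config` block continues outside the hunk.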
diff --git a/nixos/tests/sudo-rs.nix b/nixos/tests/sudo-rs.nix
index 6006863217b6..59a9280d862a 100644
--- a/nixos/tests/sudo-rs.nix
+++ b/nixos/tests/sudo-rs.nix
@@ -22,8 +22,6 @@ in
test5 = { isNormalUser = true; };
};
- security.sudo.enable = false;
-
security.sudo-rs = {
enable = true;
package = pkgs.sudo-rs;
@@ -56,8 +54,6 @@ in
noadmin = { isNormalUser = true; };
};
- security.sudo.enable = false;
-
security.sudo-rs = {
package = pkgs.sudo-rs;
enable = true;