{ config, ... }:
let
  sudoCfg = config.security.sudo;

  # With execWheelOnly the sudo binary itself is only executable by members of
  # wheel, so a rule in extraRules can only ever take effect for these two
  # principals. Anything else would be a silently dead rule.
  permitted = {
    users = [ "root" ];
    groups = [ "wheel" ];
  };

  # A rule's user/group list is acceptable when it is left unset (empty) or is
  # exactly the permitted list for that kind ("users" or "groups").
  acceptable = kind: value: value == [ ] || value == permitted.${kind};

  # True when a single extraRules entry names only principals that can still
  # reach the sudo binary; missing attributes count as empty lists.
  ruleIsSafe =
    rule: acceptable "users" (rule.users or [ ]) && acceptable "groups" (rule.groups or [ ]);
in
{
  security.sudo = {
    enable = true;
    # Restrict execution of the sudo binary to members of wheel.
    execWheelOnly = true;
    # Suppress sudo's first-use lecture text.
    extraConfig = ''
      Defaults lecture = never
    '';
  };

  assertions = [
    {
      # Only enforced while execWheelOnly is on; with it off, any rule may be
      # used and the check is vacuously satisfied.
      assertion = sudoCfg.execWheelOnly -> builtins.all ruleIsSafe sudoCfg.extraRules;
      message = "Some definitions in `security.sudo.extraRules` refer to users other than 'root' or groups other than 'wheel'. Disable `config.security.sudo.execWheelOnly`, or adjust the rules.";
    }
  ];
}