diff options
Diffstat (limited to 'nixpkgs/nixos/modules/security/sudo.nix')
-rw-r--r-- | nixpkgs/nixos/modules/security/sudo.nix | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/nixpkgs/nixos/modules/security/sudo.nix b/nixpkgs/nixos/modules/security/sudo.nix index d899806ef05..e3e43177def 100644 --- a/nixpkgs/nixos/modules/security/sudo.nix +++ b/nixpkgs/nixos/modules/security/sudo.nix @@ -71,23 +71,25 @@ in this is the case when configuration options are merged. ''; default = []; - example = [ - # Allow execution of any command by all users in group sudo, - # requiring a password. - { groups = [ "sudo" ]; commands = [ "ALL" ]; } - - # Allow execution of "/home/root/secret.sh" by user `backup`, `database` - # and the group with GID `1006` without a password. - { users = [ "backup" "database" ]; groups = [ 1006 ]; - commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; } - - # Allow all users of group `bar` to run two executables as user `foo` - # with arguments being pre-set. - { groups = [ "bar" ]; runAs = "foo"; - commands = - [ "/home/baz/cmd1.sh hello-sudo" - { command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; } - ]; + example = literalExample '' + [ + # Allow execution of any command by all users in group sudo, + # requiring a password. + { groups = [ "sudo" ]; commands = [ "ALL" ]; } + + # Allow execution of "/home/root/secret.sh" by user `backup`, `database` + # and the group with GID `1006` without a password. + { users = [ "backup" "database" ]; groups = [ 1006 ]; + commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; } + + # Allow all users of group `bar` to run two executables as user `foo` + # with arguments being pre-set. + { groups = [ "bar" ]; runAs = "foo"; + commands = + [ "/home/baz/cmd1.sh hello-sudo" + { command = '''/home/baz/cmd2.sh ""'''; options = [ "SETENV" ]; } ]; } + ] + ''; type = with types; listOf (submodule { options = { users = mkOption { |