nixpkgs/system/sudo.nix

{pkgs, config, ...}:

###### interface
let
  inherit (pkgs.lib) mkOption;

  options = {
    security = {
      sudo = {

        enable = mkOption {
          default = true;
          description = "
            Whether to enable the <command>sudo</command> command, which
            allows non-root users to execute commands as root.
          ";
        };

        configFile = mkOption {
          default = "
# WARNING: do not edit this file directly or with \"visudo\".  Instead,
# edit the source file in /etc/nixos/nixos/etc/sudoers.

# \"root\" is allowed to do anything.
root        ALL=(ALL) SETENV: ALL

# Users in the \"wheel\" group can do anything.
%wheel      ALL=(ALL) SETENV: ALL
          ";
          description = "
            This string contains the contents of the
            <filename>sudoers</filename> file.
          ";
          # If syntax errors are detected in this file, the NixOS
          # configuration will fail to build.
        };

      };
    };
  };
in

###### implementation
let
  cfg = config.security.sudo;
  inherit (pkgs.lib) mkIf;
  inherit (pkgs) sudo;
in

mkIf cfg.enable {
  require = [
    options

    # config.environment.etc
    (import ../etc/default.nix)

    # (import ?) # config.environment.extraPackages
    # (import ?) # config.security.extraSetuidPrograms
  ];

  security = {
    extraSetuidPrograms = [
      "sudo"
    ];
  };

  environment = {
    extraPackages = [ sudo ];

    etc = [
      {
        source = ../etc/pam.d/sudo;
        target = "pam.d/sudo";
      }
      {
        source = pkgs.runCommand "sudoers"
          { src = pkgs.writeText "sudoers-in" cfg.configFile; }
          # Make sure that the sudoers file is syntactically valid.
          # (currently disabled - NIXOS-66)
          #"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
          "cp $src $out";
        target = "sudoers";
        mode = "0440";
      }
    ];
  };
}
Extra sudo configuration file from: - system/options.nix - system/system.nix - etc/default.nix svn path=/nixos/branches/fix-style/; revision=13681 2009-01-02 17:07:15 +01:00			`{pkgs, config, ...}:`

			`###### interface`
			`let`
			`inherit (pkgs.lib) mkOption;`

			`options = {`
			`security = {`
			`sudo = {`

			`enable = mkOption {`
			`default = true;`
			`description = "`
			`Whether to enable the <command>sudo</command> command, which`
			`allows non-root users to execute commands as root.`
			`";`
			`};`

			`configFile = mkOption {`
			`default = "`
			`# WARNING: do not edit this file directly or with \"visudo\". Instead,`
			`# edit the source file in /etc/nixos/nixos/etc/sudoers.`

			`# \"root\" is allowed to do anything.`
			`root ALL=(ALL) SETENV: ALL`

			`# Users in the \"wheel\" group can do anything.`
			`%wheel ALL=(ALL) SETENV: ALL`
			`";`
			`description = "`
			`This string contains the contents of the`
			`<filename>sudoers</filename> file.`
			`";`
			`# If syntax errors are detected in this file, the NixOS`
			`# configuration will fail to build.`
			`};`

			`};`
			`};`
			`};`
			`in`

			`###### implementation`
			`let`
			`cfg = config.security.sudo;`
			`inherit (pkgs.lib) mkIf;`
			`inherit (pkgs) sudo;`
			`in`

			`mkIf cfg.enable {`
			`require = [`
			`options`

			`# config.environment.etc`
			`(import ../etc/default.nix)`

			`# (import ?) # config.environment.extraPackages`
			`# (import ?) # config.security.extraSetuidPrograms`
			`];`

			`security = {`
			`extraSetuidPrograms = [`
			`"sudo"`
			`];`
			`};`

			`environment = {`
			`extraPackages = [ sudo ];`

			`etc = [`
			`{`
			`source = ../etc/pam.d/sudo;`
			`target = "pam.d/sudo";`
			`}`
			`{`
			`source = pkgs.runCommand "sudoers"`
			`{ src = pkgs.writeText "sudoers-in" cfg.configFile; }`
			`# Make sure that the sudoers file is syntactically valid.`
			`# (currently disabled - NIXOS-66)`
			`#"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";`
			`"cp $src $out";`
			`target = "sudoers";`
			`mode = "0440";`
			`}`
			`];`
			`};`
			`}`