authorSilas Schöffel <sils@sils.li>2024-04-09 15:59:17 +0200
committerSilas Schöffel <sils@sils.li>2024-04-10 18:04:16 +0200
commit99a85fff3e119d61860e4881c58bee03013b8442 (patch)
tree5cda0c7db6118a4762d5d13767e131a531a4ee40
parentsils.meta: add globalDataDir option (diff)
downloadnix-config-99a85fff3e119d61860e4881c58bee03013b8442.tar.gz
nix-config-99a85fff3e119d61860e4881c58bee03013b8442.zip
sudo: add configurable lecture option
Diffstat (limited to '')
-rw-r--r--modules/nixos/sils/sudo.nix28
1 files changed, 22 insertions, 6 deletions
diff --git a/modules/nixos/sils/sudo.nix b/modules/nixos/sils/sudo.nix
index 3dfd79d..a1904bd 100644
--- a/modules/nixos/sils/sudo.nix
+++ b/modules/nixos/sils/sudo.nix
@@ -1,8 +1,24 @@
-{...}: {
-  security.sudo = {
-    enable = true;
-    extraConfig = ''
-      Defaults lecture = never
-    '';
+{
+  config,
+  lib,
+  ...
+}: let
+  persistentLecture = !config.sils.sudo.persistentLecture.disable;
+in {
+  options.sils.sudo.persistentLecture.disable = lib.mkEnableOption "sudo lecture after every boot";
+  config = {
+    security.sudo = {
+      enable = true;
+    };
+    environment.persistence.${config.sils.meta.globalDataDir}.files = lib.mkIf persistentLecture [
+      {
+        file = "/var/db/sudo/lectured/${builtins.toString config.users.users.sils.uid}";
+        parentDirectory = {
+          user = "root";
+          group = config.users.users.sils.group;
+          mode = "0600";
+        };
+      }
+    ];
   };
 }
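Review bot: `mode = "0600"` in `parentDirectory` applies to a directory (`/var/db/sudo/lectured`), so it lacks the search bit, and `group = config.users.users.sils.group` hands group ownership of sudo's state directory to the user's group. As far as I know sudo creates this directory itself as root-only, so I would persist it the same way with `group = "root";` and `mode = "0700";`, which keeps it closed to the user and avoids sudo finding unexpected ownership on its lecture state. Separately, `builtins.toString config.users.users.sils.uid` evaluates to an empty string if the uid is left at its default of null, so the persisted path would silently become the directory itself. An assertion that the uid is set would catch that at evaluation time.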