sudo: add configurable lecture option

author: Silas Schöffel <sils@sils.li> 2024-04-09 15:59:17 +0200
committer: Silas Schöffel <sils@sils.li> 2024-04-10 18:04:16 +0200
commit: 99a85fff3e119d61860e4881c58bee03013b8442 (patch)
tree: 5cda0c7db6118a4762d5d13767e131a531a4ee40 /modules
parent: sils.meta: add globalDataDir option (diff)
download: nix-config-99a85fff3e119d61860e4881c58bee03013b8442.tar.gz
nix-config-99a85fff3e119d61860e4881c58bee03013b8442.zip
1 files changed, 22 insertions, 6 deletions
diff --git a/modules/nixos/sils/sudo.nix b/modules/nixos/sils/sudo.nix
index 3dfd79d..a1904bd 100644
--- a/modules/nixos/sils/sudo.nix
+++ b/modules/nixos/sils/sudo.nix
@@ -1,8 +1,24 @@
-{...}: {
-  security.sudo = {
-    enable = true;
-    extraConfig = ''
-      Defaults lecture = never
-    '';
+{
+  config,
+  lib,
+  ...
+}: let
+  persistentLecture = !config.sils.sudo.persistentLecture.disable;
+in {
+  options.sils.sudo.persistentLecture.disable = lib.mkEnableOption "sudo lecture after every boot";
+  config = {
+    security.sudo = {
+      enable = true;
+    };
+    environment.persistence.${config.sils.meta.globalDataDir}.files = lib.mkIf persistentLecture [
+      {
+        file = "/var/db/sudo/lectured/${builtins.toString config.users.users.sils.uid}";
+        parentDirectory = {
+          user = "root";
+          group = config.users.users.sils.group;
+          mode = "0600";
+        };
+      }
+    ];
   };
 }
author	Silas Schöffel <sils@sils.li>	2024-04-09 15:59:17 +0200
committer	Silas Schöffel <sils@sils.li>	2024-04-10 18:04:16 +0200
commit	99a85fff3e119d61860e4881c58bee03013b8442 (patch)
tree	5cda0c7db6118a4762d5d13767e131a531a4ee40 /modules
parent	sils.meta: add globalDataDir option (diff)
download	nix-config-99a85fff3e119d61860e4881c58bee03013b8442.tar.gz nix-config-99a85fff3e119d61860e4881c58bee03013b8442.zip