system/modules/nixos/configs/security.nix

{ config, lib, ... }:

let
  cfg = config.local.security.sudo;
in
{
  options.local.security.sudo = with lib; {
    nopasswd = mkOption {
      type = types.listOf (types.submodule {
        options = {
          commands = mkOption {
            type = with types; listOf (either str package);
          };
          groups = mkOption {
            type = types.listOf types.str;
            default = [ "wheel" ];
          };
        };
      });
      default = [ ];
    };
  };

  config = lib.mkIf (cfg.nopasswd != [ ]) {
    security.sudo.extraRules = lib.flip map cfg.nopasswd (rule: {
      inherit (rule) groups;
      commands = lib.flip map rule.commands (cmd:
        {
          command = "${cmd}";
          options = [ "NOPASSWD" ];
        }
      );
    });
  };

}
modules: improve settings to configure nopasswd commands 2024-09-29 00:15:11 +03:00			`{ config, lib, ... }:`

			`let`
			`cfg = config.local.security.sudo;`
			`in`
			`{`
			`options.local.security.sudo = with lib; {`
			`nopasswd = mkOption {`
			`type = types.listOf (types.submodule {`
			`options = {`
			`commands = mkOption {`
modules/security: fix types 2024-09-29 15:21:11 +03:00			`type = with types; listOf (either str package);`
modules: improve settings to configure nopasswd commands 2024-09-29 00:15:11 +03:00			`};`
			`groups = mkOption {`
			`type = types.listOf types.str;`
			`default = [ "wheel" ];`
			`};`
			`};`
			`});`
			`default = [ ];`
			`};`
			`};`

modules/security: fix types 2024-09-29 15:21:11 +03:00			`config = lib.mkIf (cfg.nopasswd != [ ]) {`
modules: improve settings to configure nopasswd commands 2024-09-29 00:15:11 +03:00			`security.sudo.extraRules = lib.flip map cfg.nopasswd (rule: {`
			`inherit (rule) groups;`
modules/security: fix types 2024-09-29 15:21:11 +03:00			`commands = lib.flip map rule.commands (cmd:`
modules: improve settings to configure nopasswd commands 2024-09-29 00:15:11 +03:00			`{`
			`command = "${cmd}";`
			`options = [ "NOPASSWD" ];`
			`}`
modules/security: fix types 2024-09-29 15:21:11 +03:00			`);`
modules: improve settings to configure nopasswd commands 2024-09-29 00:15:11 +03:00			`});`
			`};`

			`}`