system/modules/nixos/configs/security.nix

{ config, lib, ... }:

let
  cfg = config.local.security.sudo;
in
{
  options.local.security.sudo = with lib; {
    nopasswd = mkOption {
      type = types.listOf (types.submodule {
        options = {
          commands = mkOption {
            type = listOf (types.either types.str types.package);
          };
          groups = mkOption {
            type = types.listOf types.str;
            default = [ "wheel" ];
          };
        };
      });
      default = [ ];
    };
  };

  config = cfg.nopasswd != [ ] {
    security.sudo.extraRules = lib.flip map cfg.nopasswd (rule: {
      inherit (rule) groups;
      commands = lib.flip map rule.commands (cmd: [
        {
          command = "${cmd}";
          options = [ "NOPASSWD" ];
        }
      ]);
    });
  };

}
modules: improve settings to configure nopasswd commands 2024-09-29 00:15:11 +03:00			`{ config, lib, ... }:`

			`let`
			`cfg = config.local.security.sudo;`
			`in`
			`{`
			`options.local.security.sudo = with lib; {`
			`nopasswd = mkOption {`
			`type = types.listOf (types.submodule {`
			`options = {`
			`commands = mkOption {`
			`type = listOf (types.either types.str types.package);`
			`};`
			`groups = mkOption {`
			`type = types.listOf types.str;`
			`default = [ "wheel" ];`
			`};`
			`};`
			`});`
			`default = [ ];`
			`};`
			`};`

			`config = cfg.nopasswd != [ ] {`
			`security.sudo.extraRules = lib.flip map cfg.nopasswd (rule: {`
			`inherit (rule) groups;`
			`commands = lib.flip map rule.commands (cmd: [`
			`{`
			`command = "${cmd}";`
			`options = [ "NOPASSWD" ];`
			`}`
			`]);`
			`});`
			`};`

			`}`