nixos/doas: default rule should be first

In /etc/doas.conf, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
This commit is contained in:
Cole Helbling 2020-05-10 22:14:16 -07:00
parent f798f07619
commit 01b645e872
No known key found for this signature in database
GPG Key ID: B37E0F2371016A4C

View File

@ -223,7 +223,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.doas.extraRules = [ security.doas.extraRules = mkOrder 600 [
{ {
groups = [ "wheel" ]; groups = [ "wheel" ];
noPass = !cfg.wheelNeedsPassword; noPass = !cfg.wheelNeedsPassword;