nixos/doas: init #86488

Merged
merged 2 commits into from May 10, 2020

cole-h
Member

@cole-h cole-h commented May 1, 2020

Motivation for this change

I noticed that #74184 was both unmerged and behind by a patch version, so I wanted to update it. Then I read the comment that there was no suid wrapper for it, and thus began my journey into making my very first NixOS module. Most of the work is based off of the existing sudo module (including the test).

Closes #74184. Version bump was picked into master.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

This is a draft because, although I've tested this in a NixOS VM, I haven't used it for any real length of time. It definitely gets suid and can run commands as root, but that's really the extent of my testing. More testing is welcome, suggestions on what to improve, etc.

@cole-h
Member Author

cole-h commented May 1, 2020

@ofborg test doas

@adisbladis
Member

@cole-h I took the liberty of getting the version bump on master so the scope of this PR is now only the module.

@adisbladis adisbladis changed the title [WIP] doas: 6.0 -> 6.6.1, nixos/doas: init [WIP] nixos/doas: init May 2, 2020
@adisbladis adisbladis mentioned this pull request May 2, 2020
@cole-h cole-h marked this pull request as ready for review May 4, 2020 22:02
@cole-h cole-h changed the title [WIP] nixos/doas: init nixos/doas: init May 4, 2020
@cole-h cole-h requested a review from adisbladis May 4, 2020 22:02
@cole-h
Member Author

cole-h commented May 4, 2020

I now consider this ready!

I added a release note at the behest of @adisbladis on IRC -- please let me know if it needs to be moved into some other section (preferably with the location of that section, as well).

`doas` is a lighter alternative to `sudo` that "provide[s] 95% of the
features of `sudo` with a fraction of the codebase" [1]. I prefer it to
`sudo`, so I figured I would add a NixOS module in order for it to be
easier to use. The module is based off of the existing `sudo` module.

[1] https://github.com/Duncaen/OpenDoas
@adisbladis adisbladis merged commit 68ee239 into NixOS:master May 10, 2020
@cole-h cole-h deleted the doas branch May 10, 2020 19:05