From 409d29ca737309e51e58483aa0ef0a8d4489d9a1 Mon Sep 17 00:00:00 2001
From: nicoo <nicoo@mur.at>
Date: Thu, 31 Aug 2023 10:33:11 +0000
Subject: [PATCH] nixos/sudo: Split up `configFile` into individual sections

---
 nixos/modules/security/sudo.nix | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index d225442773c6..adf83c7a045a 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -205,17 +205,20 @@ in
       }
     ];
 
-    security.sudo.configFile =
+    security.sudo.configFile = concatStringsSep "\n" [
       ''
         # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
         # or ‘security.sudo.extraRules’ instead.
-
+      ''
+      ''
         # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
         Defaults env_keep+=SSH_AUTH_SOCK
-
+      ''
+      ''
         # "root" is allowed to do anything.
         root        ALL=(ALL:ALL) SETENV: ALL
-
+      ''
+      ''
         # extraRules
         ${concatStringsSep "\n" (
           lists.flatten (
@@ -227,9 +230,12 @@ in
             ) cfg.extraRules
           )
         )}
-
+      ''
+      ''
+        # extraConfig
         ${cfg.extraConfig}
-      '';
+      ''
+    ];
 
     security.wrappers = let
       owner = "root";