nixos/sudo: Fix extraRules example rendering

nixos/modules/security/sudo.nix

@@ -71,23 +71,25 @@ in
         this is the case when configuration options are merged.
       '';
       default = [];
-      example = [
+      example = literalExample ''
-        # Allow execution of any command by all users in group sudo,
+        [
-        # requiring a password.
+          # Allow execution of any command by all users in group sudo,
-        { groups = [ "sudo" ]; commands = [ "ALL" ]; }
+          # requiring a password.
+          { groups = [ "sudo" ]; commands = [ "ALL" ]; }
 
-        # Allow execution of "/home/root/secret.sh" by user `backup`, `database`
+          # Allow execution of "/home/root/secret.sh" by user `backup`, `database`
-        # and the group with GID `1006` without a password.
+          # and the group with GID `1006` without a password.
-        { users = [ "backup" "database" ]; groups = [ 1006 ];
+          { users = [ "backup" "database" ]; groups = [ 1006 ];
-          commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
+            commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
 
-        # Allow all users of group `bar` to run two executables as user `foo`
+          # Allow all users of group `bar` to run two executables as user `foo`
-        # with arguments being pre-set.
+          # with arguments being pre-set.
-        { groups = [ "bar" ]; runAs = "foo";
+          { groups = [ "bar" ]; runAs = "foo";
-          commands =
+            commands =
-            [ "/home/baz/cmd1.sh hello-sudo"
+              [ "/home/baz/cmd1.sh hello-sudo"
-              { command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; }
+                  { command = '''/home/baz/cmd2.sh ""'''; options = [ "SETENV" ]; } ]; }
-      ];
+        ]
+      '';
       type = with types; listOf (submodule {
         options = {
           users = mkOption {