From 01b645e872107806e61cf54cc1415a843f3af795 Mon Sep 17 00:00:00 2001
From: Cole Helbling <cole.e.helbling@outlook.com>
Date: Sun, 10 May 2020 22:14:16 -0700
Subject: [PATCH] nixos/doas: default rule should be first

In /etc/doas.conf, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
---
 nixos/modules/security/doas.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/security/doas.nix b/nixos/modules/security/doas.nix
index 1991a58db60d..b81f2d0c2d52 100644
--- a/nixos/modules/security/doas.nix
+++ b/nixos/modules/security/doas.nix
@@ -223,7 +223,7 @@ in
 
   config = mkIf cfg.enable {
 
-    security.doas.extraRules = [
+    security.doas.extraRules = mkOrder 600 [
       {
         groups = [ "wheel" ];
         noPass = !cfg.wheelNeedsPassword;