From cb1f1b42602a2655df69d7690f428b4d8467901a Mon Sep 17 00:00:00 2001
From: Silvan Mosberger <contact@infinisil.com>
Date: Mon, 10 Feb 2020 01:37:07 +0100
Subject: [PATCH] nixos/sudo: Fix extraRules example rendering

---
 nixos/modules/security/sudo.nix | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index d899806ef058..e3e43177def3 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -71,23 +71,25 @@ in
         this is the case when configuration options are merged.
       '';
       default = [];
-      example = [
-        # Allow execution of any command by all users in group sudo,
-        # requiring a password.
-        { groups = [ "sudo" ]; commands = [ "ALL" ]; }
+      example = literalExample ''
+        [
+          # Allow execution of any command by all users in group sudo,
+          # requiring a password.
+          { groups = [ "sudo" ]; commands = [ "ALL" ]; }
 
-        # Allow execution of "/home/root/secret.sh" by user `backup`, `database`
-        # and the group with GID `1006` without a password.
-        { users = [ "backup" "database" ]; groups = [ 1006 ];
-          commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
+          # Allow execution of "/home/root/secret.sh" by user `backup`, `database`
+          # and the group with GID `1006` without a password.
+          { users = [ "backup" "database" ]; groups = [ 1006 ];
+            commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
 
-        # Allow all users of group `bar` to run two executables as user `foo`
-        # with arguments being pre-set.
-        { groups = [ "bar" ]; runAs = "foo";
-          commands =
-            [ "/home/baz/cmd1.sh hello-sudo"
-              { command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; }
-      ];
+          # Allow all users of group `bar` to run two executables as user `foo`
+          # with arguments being pre-set.
+          { groups = [ "bar" ]; runAs = "foo";
+            commands =
+              [ "/home/baz/cmd1.sh hello-sudo"
+                  { command = '''/home/baz/cmd2.sh ""'''; options = [ "SETENV" ]; } ]; }
+        ]
+      '';
       type = with types; listOf (submodule {
         options = {
           users = mkOption {