Function( Function { head: Destructured( FunctionHeadDestructured { ellipsis: true, identifier: None, arguments: [ FunctionHeadDestructuredArgument { identifier: "config", default: None, }, FunctionHeadDestructuredArgument { identifier: "lib", default: None, }, FunctionHeadDestructuredArgument { identifier: "pkgs", default: None, }, ], }, ), body: With( With { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 3, column: 6, }, end: Position { line: 3, column: 9, }, }, }, ), target: LetIn( LetIn { bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "cfg", span: Span { start: Position { line: 7, column: 3, }, end: Position { line: 7, column: 6, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "config", span: Span { start: Position { line: 7, column: 9, }, end: Position { line: 7, column: 15, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 7, column: 16, }, end: Position { line: 7, column: 24, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 7, column: 25, }, end: Position { line: 7, column: 29, }, }, }, ), ], default: None, }, ), }, ), Inherit( BindingInherit { from: Some( Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 9, column: 12, }, end: Position { line: 9, column: 16, }, }, }, ), ), attributes: [ Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 9, column: 18, }, end: Position { line: 9, column: 22, }, }, }, ), ], span: Span { start: Position { line: 5, column: 4, }, end: Position { line: 9, column: 23, }, }, }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "toUserString", span: Span { start: Position { line: 11, column: 3, }, end: Position { line: 11, column: 15, }, }, }, ), ], to: Function( Function { head: Simple( FunctionHeadSimple { identifier: "user", }, ), body: IfThenElse( IfThenElse { predicate: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "isInt", span: Span { start: Position { line: 11, column: 28, }, end: Position { line: 11, column: 33, }, }, }, ), arguments: [ Identifier( Identifier { id: "user", span: Span { start: Position { line: 11, column: 34, }, end: Position { line: 11, column: 38, }, }, }, ), ], }, ), then: String( String_ { parts: [ Raw( PartRaw { content: "#", span: Span { start: Position { line: 11, column: 46, }, end: Position { line: 11, column: 63, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "toString", span: Span { start: Position { line: 11, column: 49, }, end: Position { line: 11, column: 57, }, }, }, ), arguments: [ Identifier( Identifier { id: "user", span: Span { start: Position { line: 11, column: 58, }, end: Position { line: 11, column: 62, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 11, column: 45, }, end: Position { line: 11, column: 64, }, }, }, ), else_: String( String_ { parts: [ Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "user", span: Span { start: Position { line: 11, column: 73, }, end: Position { line: 11, column: 77, }, }, }, ), }, ), ], span: Span { start: Position { line: 11, column: 70, }, end: Position { line: 11, column: 79, }, }, }, ), span: Span { start: Position { line: 11, column: 24, }, end: Position { line: 11, column: 79, }, }, }, ), span: Span { start: Position { line: 11, column: 18, }, end: Position { line: 11, column: 79, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "toGroupString", span: Span { start: Position { line: 12, column: 3, }, end: Position { line: 12, column: 16, }, }, }, ), ], to: Function( Function { head: Simple( FunctionHeadSimple { identifier: "group", }, ), body: IfThenElse( IfThenElse { predicate: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "isInt", span: Span { start: Position { line: 12, column: 30, }, end: Position { line: 12, column: 35, }, }, }, ), arguments: [ Identifier( Identifier { id: "group", span: Span { start: Position { line: 12, column: 36, }, end: Position { line: 12, column: 41, }, }, }, ), ], }, ), then: String( String_ { parts: [ Raw( PartRaw { content: "%#", span: Span { start: Position { line: 12, column: 49, }, end: Position { line: 12, column: 68, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "toString", span: Span { start: Position { line: 12, column: 53, }, end: Position { line: 12, column: 61, }, }, }, ), arguments: [ Identifier( Identifier { id: "group", span: Span { start: Position { line: 12, column: 62, }, end: Position { line: 12, column: 67, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 12, column: 48, }, end: Position { line: 12, column: 69, }, }, }, ), else_: String( String_ { parts: [ Raw( PartRaw { content: "%", span: Span { start: Position { line: 12, column: 76, }, end: Position { line: 12, column: 85, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "group", span: Span { start: Position { line: 12, column: 79, }, end: Position { line: 12, column: 84, }, }, }, ), }, ), ], span: Span { start: Position { line: 12, column: 75, }, end: Position { line: 12, column: 86, }, }, }, ), span: Span { start: Position { line: 12, column: 26, }, end: Position { line: 12, column: 86, }, }, }, ), span: Span { start: Position { line: 12, column: 19, }, end: Position { line: 12, column: 86, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "toCommandOptionsString", span: Span { start: Position { line: 14, column: 3, }, end: Position { line: 14, column: 25, }, }, }, ), ], to: Function( Function { head: Simple( FunctionHeadSimple { identifier: "options", }, ), body: String( String_ { parts: [ Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "concatStringsSep", span: Span { start: Position { line: 15, column: 8, }, end: Position { line: 15, column: 24, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: ":", span: Span { start: Position { line: 15, column: 26, }, end: Position { line: 15, column: 27, }, }, }, ), ], span: Span { start: Position { line: 15, column: 25, }, end: Position { line: 15, column: 28, }, }, }, ), Identifier( Identifier { id: "options", span: Span { start: Position { line: 15, column: 29, }, end: Position { line: 15, column: 36, }, }, }, ), ], }, ), }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "optionalString", span: Span { start: Position { line: 15, column: 39, }, end: Position { line: 15, column: 53, }, }, }, ), arguments: [ BinaryOperation( BinaryOperation { left: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "length", span: Span { start: Position { line: 15, column: 55, }, end: Position { line: 15, column: 61, }, }, }, ), arguments: [ Identifier( Identifier { id: "options", span: Span { start: Position { line: 15, column: 62, }, end: Position { line: 15, column: 69, }, }, }, ), ], }, ), operator: NotEqualTo, right: Integer( Integer { value: "0", span: Span { start: Position { line: 15, column: 73, }, end: Position { line: 15, column: 74, }, }, }, ), }, ), String( String_ { parts: [ Raw( PartRaw { content: ":", span: Span { start: Position { line: 15, column: 77, }, end: Position { line: 15, column: 78, }, }, }, ), ], span: Span { start: Position { line: 15, column: 76, }, end: Position { line: 15, column: 79, }, }, }, ), ], }, ), }, ), Raw( PartRaw { content: " ", span: Span { start: Position { line: 15, column: 6, }, end: Position { line: 15, column: 81, }, }, }, ), ], span: Span { start: Position { line: 15, column: 5, }, end: Position { line: 15, column: 82, }, }, }, ), span: Span { start: Position { line: 14, column: 28, }, end: Position { line: 15, column: 82, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "toCommandsString", span: Span { start: Position { line: 17, column: 3, }, end: Position { line: 17, column: 19, }, }, }, ), ], to: Function( Function { head: Simple( FunctionHeadSimple { identifier: "commands", }, ), body: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "concatStringsSep", span: Span { start: Position { line: 18, column: 5, }, end: Position { line: 18, column: 21, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: ", ", span: Span { start: Position { line: 18, column: 23, }, end: Position { line: 18, column: 25, }, }, }, ), ], span: Span { start: Position { line: 18, column: 22, }, end: Position { line: 18, column: 26, }, }, }, ), FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "map", span: Span { start: Position { line: 19, column: 7, }, end: Position { line: 19, column: 10, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "command", }, ), body: IfThenElse( IfThenElse { predicate: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "isString", span: Span { start: Position { line: 20, column: 13, }, end: Position { line: 20, column: 21, }, }, }, ), arguments: [ Identifier( Identifier { id: "command", span: Span { start: Position { line: 20, column: 22, }, end: Position { line: 20, column: 29, }, }, }, ), ], }, ), then: Identifier( Identifier { id: "command", span: Span { start: Position { line: 21, column: 11, }, end: Position { line: 21, column: 18, }, }, }, ), else_: String( String_ { parts: [ Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "toCommandOptionsString", span: Span { start: Position { line: 23, column: 14, }, end: Position { line: 23, column: 36, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "command", span: Span { start: Position { line: 23, column: 37, }, end: Position { line: 23, column: 44, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 23, column: 45, }, end: Position { line: 23, column: 52, }, }, }, ), ], default: None, }, ), ], }, ), }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "command", span: Span { start: Position { line: 23, column: 55, }, end: Position { line: 23, column: 62, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "command", span: Span { start: Position { line: 23, column: 63, }, end: Position { line: 23, column: 70, }, }, }, ), ], default: None, }, ), }, ), ], span: Span { start: Position { line: 23, column: 11, }, end: Position { line: 23, column: 72, }, }, }, ), span: Span { start: Position { line: 20, column: 9, }, end: Position { line: 23, column: 72, }, }, }, ), span: Span { start: Position { line: 19, column: 12, }, end: Position { line: 23, column: 72, }, }, }, ), Identifier( Identifier { id: "commands", span: Span { start: Position { line: 24, column: 9, }, end: Position { line: 24, column: 17, }, }, }, ), ], }, ), ], }, ), span: Span { start: Position { line: 17, column: 22, }, end: Position { line: 25, column: 6, }, }, }, ), }, ), ], target: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 33, column: 3, }, end: Position { line: 33, column: 10, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 35, column: 5, }, end: Position { line: 35, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 35, column: 14, }, end: Position { line: 35, column: 18, }, }, }, ), Raw( PartRaw { content: "enable", span: Span { start: Position { line: 35, column: 19, }, end: Position { line: 35, column: 25, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 35, column: 28, }, end: Position { line: 35, column: 36, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 36, column: 7, }, end: Position { line: 36, column: 11, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 36, column: 14, }, end: Position { line: 36, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "bool", span: Span { start: Position { line: 36, column: 20, }, end: Position { line: 36, column: 24, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 37, column: 7, }, end: Position { line: 37, column: 14, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 37, column: 17, }, end: Position { line: 37, column: 21, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 38, column: 7, }, end: Position { line: 38, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 39, column: 9, }, end: Position { line: 39, column: 12, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 39, column: 13, }, end: Position { line: 39, column: 18, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Whether to enable the {command}`sudo` command, which\nallows non-root users to execute commands as root.\n", span: Span { start: Position { line: 40, column: 1, }, end: Position { line: 42, column: 9, }, }, }, ), ], span: Span { start: Position { line: 39, column: 19, }, end: Position { line: 42, column: 11, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 35, column: 37, }, end: Position { line: 43, column: 6, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 45, column: 5, }, end: Position { line: 45, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 45, column: 14, }, end: Position { line: 45, column: 18, }, }, }, ), Raw( PartRaw { content: "package", span: Span { start: Position { line: 45, column: 19, }, end: Position { line: 45, column: 26, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 45, column: 29, }, end: Position { line: 45, column: 37, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 46, column: 7, }, end: Position { line: 46, column: 11, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 46, column: 14, }, end: Position { line: 46, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "package", span: Span { start: Position { line: 46, column: 20, }, end: Position { line: 46, column: 27, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 47, column: 7, }, end: Position { line: 47, column: 14, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 47, column: 17, }, end: Position { line: 47, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 47, column: 22, }, end: Position { line: 47, column: 26, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "defaultText", span: Span { start: Position { line: 48, column: 7, }, end: Position { line: 48, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "literalExpression", span: Span { start: Position { line: 48, column: 21, }, end: Position { line: 48, column: 38, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "pkgs.sudo", span: Span { start: Position { line: 48, column: 40, }, end: Position { line: 48, column: 49, }, }, }, ), ], span: Span { start: Position { line: 48, column: 39, }, end: Position { line: 48, column: 50, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 49, column: 7, }, end: Position { line: 49, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 49, column: 21, }, end: Position { line: 49, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 49, column: 25, }, end: Position { line: 49, column: 30, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Which package to use for `sudo`.\n", span: Span { start: Position { line: 50, column: 1, }, end: Position { line: 51, column: 7, }, }, }, ), ], span: Span { start: Position { line: 49, column: 31, }, end: Position { line: 51, column: 9, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 45, column: 38, }, end: Position { line: 52, column: 6, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 54, column: 5, }, end: Position { line: 54, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 54, column: 14, }, end: Position { line: 54, column: 18, }, }, }, ), Raw( PartRaw { content: "wheelNeedsPassword", span: Span { start: Position { line: 54, column: 19, }, end: Position { line: 54, column: 37, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 54, column: 40, }, end: Position { line: 54, column: 48, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 55, column: 7, }, end: Position { line: 55, column: 11, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 55, column: 14, }, end: Position { line: 55, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "bool", span: Span { start: Position { line: 55, column: 20, }, end: Position { line: 55, column: 24, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 56, column: 7, }, end: Position { line: 56, column: 14, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 56, column: 17, }, end: Position { line: 56, column: 21, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 57, column: 7, }, end: Position { line: 57, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 58, column: 9, }, end: Position { line: 58, column: 12, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 58, column: 13, }, end: Position { line: 58, column: 18, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Whether users of the `wheel` group must\nprovide a password to run commands as super user via {command}`sudo`.\n", span: Span { start: Position { line: 59, column: 1, }, end: Position { line: 61, column: 9, }, }, }, ), ], span: Span { start: Position { line: 58, column: 19, }, end: Position { line: 61, column: 11, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 54, column: 49, }, end: Position { line: 62, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 64, column: 5, }, end: Position { line: 64, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 64, column: 14, }, end: Position { line: 64, column: 18, }, }, }, ), Raw( PartRaw { content: "execWheelOnly", span: Span { start: Position { line: 64, column: 19, }, end: Position { line: 64, column: 32, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 64, column: 35, }, end: Position { line: 64, column: 43, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 65, column: 7, }, end: Position { line: 65, column: 11, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 65, column: 14, }, end: Position { line: 65, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "bool", span: Span { start: Position { line: 65, column: 20, }, end: Position { line: 65, column: 24, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 66, column: 7, }, end: Position { line: 66, column: 14, }, }, }, ), ], to: Identifier( Identifier { id: "false", span: Span { start: Position { line: 66, column: 17, }, end: Position { line: 66, column: 22, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 67, column: 7, }, end: Position { line: 67, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 67, column: 21, }, end: Position { line: 67, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 67, column: 25, }, end: Position { line: 67, column: 30, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Only allow members of the `wheel` group to execute sudo by\nsetting the executable's permissions accordingly.\nThis prevents users that are not members of `wheel` from\nexploiting vulnerabilities in sudo such as CVE-2021-3156.\n", span: Span { start: Position { line: 68, column: 1, }, end: Position { line: 72, column: 7, }, }, }, ), ], span: Span { start: Position { line: 67, column: 31, }, end: Position { line: 72, column: 9, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 64, column: 44, }, end: Position { line: 73, column: 6, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 75, column: 5, }, end: Position { line: 75, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 75, column: 14, }, end: Position { line: 75, column: 18, }, }, }, ), Raw( PartRaw { content: "configFile", span: Span { start: Position { line: 75, column: 19, }, end: Position { line: 75, column: 29, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 75, column: 32, }, end: Position { line: 75, column: 40, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 76, column: 7, }, end: Position { line: 76, column: 11, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 76, column: 14, }, end: Position { line: 76, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "lines", span: Span { start: Position { line: 76, column: 20, }, end: Position { line: 76, column: 25, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 79, column: 7, }, end: Position { line: 79, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 80, column: 9, }, end: Position { line: 80, column: 12, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 80, column: 13, }, end: Position { line: 80, column: 18, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "This string contains the contents of the\n{file}`sudoers` file.\n", span: Span { start: Position { line: 81, column: 1, }, end: Position { line: 83, column: 9, }, }, }, ), ], span: Span { start: Position { line: 80, column: 19, }, end: Position { line: 83, column: 11, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 75, column: 41, }, end: Position { line: 84, column: 6, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 86, column: 5, }, end: Position { line: 86, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 86, column: 14, }, end: Position { line: 86, column: 18, }, }, }, ), Raw( PartRaw { content: "extraRules", span: Span { start: Position { line: 86, column: 19, }, end: Position { line: 86, column: 29, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 86, column: 32, }, end: Position { line: 86, column: 40, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 87, column: 7, }, end: Position { line: 87, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 87, column: 21, }, end: Position { line: 87, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 87, column: 25, }, end: Position { line: 87, column: 30, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Define specific rules to be in the {file}`sudoers` file.\nMore specific rules should come after more general ones in order to\nyield the expected behavior. You can use mkBefore/mkAfter to ensure\nthis is the case when configuration options are merged.\n", span: Span { start: Position { line: 88, column: 1, }, end: Position { line: 92, column: 7, }, }, }, ), ], span: Span { start: Position { line: 87, column: 31, }, end: Position { line: 92, column: 9, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 93, column: 7, }, end: Position { line: 93, column: 14, }, }, }, ), ], to: List( List { elements: [], span: Span { start: Position { line: 93, column: 17, }, end: Position { line: 93, column: 19, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "example", span: Span { start: Position { line: 94, column: 7, }, end: Position { line: 94, column: 14, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "literalExpression", span: Span { start: Position { line: 94, column: 17, }, end: Position { line: 94, column: 34, }, }, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "[\n # Allow execution of any command by all users in group sudo,\n # requiring a password.\n { groups = [ \"sudo\" ]; commands = [ \"ALL\" ]; }\n\n # Allow execution of \"/home/root/secret.sh\" by user `backup`, `database`\n # and the group with GID `1006` without a password.\n { users = [ \"backup\" \"database\" ]; groups = [ 1006 ];\n commands = [ { command = \"/home/root/secret.sh\"; options = [ \"SETENV\" \"NOPASSWD\" ]; } ]; }\n\n # Allow all users of group `bar` to run two executables as user `foo`\n # with arguments being pre-set.\n { groups = [ \"bar\" ]; runAs = \"foo\";\n commands =\n [ \"/home/baz/cmd1.sh hello-sudo\"\n { command = ", span: Span { start: Position { line: 95, column: 1, }, end: Position { line: 110, column: 31, }, }, }, ), Raw( PartRaw { content: "''", span: Span { start: Position { line: 95, column: 1, }, end: Position { line: 110, column: 34, }, }, }, ), Raw( PartRaw { content: "/home/baz/cmd2.sh \"\"", span: Span { start: Position { line: 95, column: 1, }, end: Position { line: 110, column: 54, }, }, }, ), Raw( PartRaw { content: "''", span: Span { start: Position { line: 95, column: 1, }, end: Position { line: 110, column: 57, }, }, }, ), Raw( PartRaw { content: "; options = [ \"SETENV\" ]; } ]; }\n]\n", span: Span { start: Position { line: 95, column: 1, }, end: Position { line: 112, column: 7, }, }, }, ), ], span: Span { start: Position { line: 94, column: 35, }, end: Position { line: 112, column: 9, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 113, column: 7, }, end: Position { line: 113, column: 11, }, }, }, ), ], to: With( With { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 113, column: 19, }, end: Position { line: 113, column: 24, }, }, }, ), target: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "listOf", span: Span { start: Position { line: 113, column: 26, }, end: Position { line: 113, column: 32, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "submodule", span: Span { start: Position { line: 113, column: 34, }, end: Position { line: 113, column: 43, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 114, column: 9, }, end: Position { line: 114, column: 16, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "users", span: Span { start: Position { line: 115, column: 11, }, end: Position { line: 115, column: 16, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 115, column: 19, }, end: Position { line: 115, column: 27, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 116, column: 13, }, end: Position { line: 116, column: 17, }, }, }, ), ], to: With( With { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 116, column: 25, }, end: Position { line: 116, column: 30, }, }, }, ), target: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "listOf", span: Span { start: Position { line: 116, column: 32, }, end: Position { line: 116, column: 38, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "either", span: Span { start: Position { line: 116, column: 40, }, end: Position { line: 116, column: 46, }, }, }, ), arguments: [ Identifier( Identifier { id: "str", span: Span { start: Position { line: 116, column: 47, }, end: Position { line: 116, column: 50, }, }, }, ), Identifier( Identifier { id: "int", span: Span { start: Position { line: 116, column: 51, }, end: Position { line: 116, column: 54, }, }, }, ), ], }, ), ], }, ), span: Span { start: Position { line: 116, column: 20, }, end: Position { line: 116, column: 55, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 117, column: 13, }, end: Position { line: 117, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 117, column: 27, }, end: Position { line: 117, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 117, column: 31, }, end: Position { line: 117, column: 36, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "The usernames / UIDs this rule should apply for.\n", span: Span { start: Position { line: 118, column: 1, }, end: Position { line: 119, column: 13, }, }, }, ), ], span: Span { start: Position { line: 117, column: 37, }, end: Position { line: 119, column: 15, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 120, column: 13, }, end: Position { line: 120, column: 20, }, }, }, ), ], to: List( List { elements: [], span: Span { start: Position { line: 120, column: 23, }, end: Position { line: 120, column: 25, }, }, }, ), }, ), ], span: Span { start: Position { line: 115, column: 28, }, end: Position { line: 121, column: 12, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "groups", span: Span { start: Position { line: 123, column: 11, }, end: Position { line: 123, column: 17, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 123, column: 20, }, end: Position { line: 123, column: 28, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 124, column: 13, }, end: Position { line: 124, column: 17, }, }, }, ), ], to: With( With { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 124, column: 25, }, end: Position { line: 124, column: 30, }, }, }, ), target: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "listOf", span: Span { start: Position { line: 124, column: 32, }, end: Position { line: 124, column: 38, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "either", span: Span { start: Position { line: 124, column: 40, }, end: Position { line: 124, column: 46, }, }, }, ), arguments: [ Identifier( Identifier { id: "str", span: Span { start: Position { line: 124, column: 47, }, end: Position { line: 124, column: 50, }, }, }, ), Identifier( Identifier { id: "int", span: Span { start: Position { line: 124, column: 51, }, end: Position { line: 124, column: 54, }, }, }, ), ], }, ), ], }, ), span: Span { start: Position { line: 124, column: 20, }, end: Position { line: 124, column: 55, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 125, column: 13, }, end: Position { line: 125, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 125, column: 27, }, end: Position { line: 125, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 125, column: 31, }, end: Position { line: 125, column: 36, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "The groups / GIDs this rule should apply for.\n", span: Span { start: Position { line: 126, column: 1, }, end: Position { line: 127, column: 13, }, }, }, ), ], span: Span { start: Position { line: 125, column: 37, }, end: Position { line: 127, column: 15, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 128, column: 13, }, end: Position { line: 128, column: 20, }, }, }, ), ], to: List( List { elements: [], span: Span { start: Position { line: 128, column: 23, }, end: Position { line: 128, column: 25, }, }, }, ), }, ), ], span: Span { start: Position { line: 123, column: 29, }, end: Position { line: 129, column: 12, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "host", span: Span { start: Position { line: 131, column: 11, }, end: Position { line: 131, column: 15, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 131, column: 18, }, end: Position { line: 131, column: 26, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 132, column: 13, }, end: Position { line: 132, column: 17, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 132, column: 20, }, end: Position { line: 132, column: 25, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "str", span: Span { start: Position { line: 132, column: 26, }, end: Position { line: 132, column: 29, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 133, column: 13, }, end: Position { line: 133, column: 20, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "ALL", span: Span { start: Position { line: 133, column: 24, }, end: Position { line: 133, column: 27, }, }, }, ), ], span: Span { start: Position { line: 133, column: 23, }, end: Position { line: 133, column: 28, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 134, column: 13, }, end: Position { line: 134, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 134, column: 27, }, end: Position { line: 134, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 134, column: 31, }, end: Position { line: 134, column: 36, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "For what host this rule should apply.\n", span: Span { start: Position { line: 135, column: 1, }, end: Position { line: 136, column: 13, }, }, }, ), ], span: Span { start: Position { line: 134, column: 37, }, end: Position { line: 136, column: 15, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 131, column: 27, }, end: Position { line: 137, column: 12, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "runAs", span: Span { start: Position { line: 139, column: 11, }, end: Position { line: 139, column: 16, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 139, column: 19, }, end: Position { line: 139, column: 27, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 140, column: 13, }, end: Position { line: 140, column: 17, }, }, }, ), ], to: With( With { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 140, column: 25, }, end: Position { line: 140, column: 30, }, }, }, ), target: Identifier( Identifier { id: "str", span: Span { start: Position { line: 140, column: 32, }, end: Position { line: 140, column: 35, }, }, }, ), span: Span { start: Position { line: 140, column: 20, }, end: Position { line: 140, column: 35, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 141, column: 13, }, end: Position { line: 141, column: 20, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "ALL:ALL", span: Span { start: Position { line: 141, column: 24, }, end: Position { line: 141, column: 31, }, }, }, ), ], span: Span { start: Position { line: 141, column: 23, }, end: Position { line: 141, column: 32, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 142, column: 13, }, end: Position { line: 142, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 142, column: 27, }, end: Position { line: 142, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 142, column: 31, }, end: Position { line: 142, column: 36, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Under which user/group the specified command is allowed to run.\n\nA user can be specified using just the username: `\"foo\"`.\nIt is also possible to specify a user/group combination using `\"foo:bar\"`\nor to only allow running as a specific group with `\":bar\"`.\n", span: Span { start: Position { line: 143, column: 1, }, end: Position { line: 148, column: 13, }, }, }, ), ], span: Span { start: Position { line: 142, column: 37, }, end: Position { line: 148, column: 15, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 139, column: 28, }, end: Position { line: 149, column: 12, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "commands", span: Span { start: Position { line: 151, column: 11, }, end: Position { line: 151, column: 19, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 151, column: 22, }, end: Position { line: 151, column: 30, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 152, column: 13, }, end: Position { line: 152, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 152, column: 27, }, end: Position { line: 152, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 152, column: 31, }, end: Position { line: 152, column: 36, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "The commands for which the rule should apply.\n", span: Span { start: Position { line: 153, column: 1, }, end: Position { line: 154, column: 13, }, }, }, ), ], span: Span { start: Position { line: 152, column: 37, }, end: Position { line: 154, column: 15, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 155, column: 13, }, end: Position { line: 155, column: 17, }, }, }, ), ], to: With( With { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 155, column: 25, }, end: Position { line: 155, column: 30, }, }, }, ), target: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "listOf", span: Span { start: Position { line: 155, column: 32, }, end: Position { line: 155, column: 38, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "either", span: Span { start: Position { line: 155, column: 40, }, end: Position { line: 155, column: 46, }, }, }, ), arguments: [ Identifier( Identifier { id: "str", span: Span { start: Position { line: 155, column: 47, }, end: Position { line: 155, column: 50, }, }, }, ), FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "submodule", span: Span { start: Position { line: 155, column: 52, }, end: Position { line: 155, column: 61, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 157, column: 15, }, end: Position { line: 157, column: 22, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "command", span: Span { start: Position { line: 158, column: 17, }, end: Position { line: 158, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 158, column: 27, }, end: Position { line: 158, column: 35, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 159, column: 19, }, end: Position { line: 159, column: 23, }, }, }, ), ], to: With( With { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 159, column: 31, }, end: Position { line: 159, column: 36, }, }, }, ), target: Identifier( Identifier { id: "str", span: Span { start: Position { line: 159, column: 38, }, end: Position { line: 159, column: 41, }, }, }, ), span: Span { start: Position { line: 159, column: 26, }, end: Position { line: 159, column: 41, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 160, column: 19, }, end: Position { line: 160, column: 30, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 160, column: 33, }, end: Position { line: 160, column: 36, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 160, column: 37, }, end: Position { line: 160, column: 42, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "A command being either just a path to a binary to allow any arguments,\nthe full command with arguments pre-set or with `\"\"` used as the argument,\nnot allowing arguments to the command at all.\n", span: Span { start: Position { line: 161, column: 1, }, end: Position { line: 164, column: 19, }, }, }, ), ], span: Span { start: Position { line: 160, column: 43, }, end: Position { line: 164, column: 21, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 158, column: 36, }, end: Position { line: 165, column: 18, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 167, column: 17, }, end: Position { line: 167, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 167, column: 27, }, end: Position { line: 167, column: 35, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 168, column: 19, }, end: Position { line: 168, column: 23, }, }, }, ), ], to: With( With { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 168, column: 31, }, end: Position { line: 168, column: 36, }, }, }, ), target: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "listOf", span: Span { start: Position { line: 168, column: 38, }, end: Position { line: 168, column: 44, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "enum", span: Span { start: Position { line: 168, column: 46, }, end: Position { line: 168, column: 50, }, }, }, ), arguments: [ List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "NOPASSWD", span: Span { start: Position { line: 168, column: 54, }, end: Position { line: 168, column: 62, }, }, }, ), ], span: Span { start: Position { line: 168, column: 53, }, end: Position { line: 168, column: 63, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "PASSWD", span: Span { start: Position { line: 168, column: 65, }, end: Position { line: 168, column: 71, }, }, }, ), ], span: Span { start: Position { line: 168, column: 64, }, end: Position { line: 168, column: 72, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "NOEXEC", span: Span { start: Position { line: 168, column: 74, }, end: Position { line: 168, column: 80, }, }, }, ), ], span: Span { start: Position { line: 168, column: 73, }, end: Position { line: 168, column: 81, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "EXEC", span: Span { start: Position { line: 168, column: 83, }, end: Position { line: 168, column: 87, }, }, }, ), ], span: Span { start: Position { line: 168, column: 82, }, end: Position { line: 168, column: 88, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "SETENV", span: Span { start: Position { line: 168, column: 90, }, end: Position { line: 168, column: 96, }, }, }, ), ], span: Span { start: Position { line: 168, column: 89, }, end: Position { line: 168, column: 97, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "NOSETENV", span: Span { start: Position { line: 168, column: 99, }, end: Position { line: 168, column: 107, }, }, }, ), ], span: Span { start: Position { line: 168, column: 98, }, end: Position { line: 168, column: 108, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "LOG_INPUT", span: Span { start: Position { line: 168, column: 110, }, end: Position { line: 168, column: 119, }, }, }, ), ], span: Span { start: Position { line: 168, column: 109, }, end: Position { line: 168, column: 120, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "NOLOG_INPUT", span: Span { start: Position { line: 168, column: 122, }, end: Position { line: 168, column: 133, }, }, }, ), ], span: Span { start: Position { line: 168, column: 121, }, end: Position { line: 168, column: 134, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "LOG_OUTPUT", span: Span { start: Position { line: 168, column: 136, }, end: Position { line: 168, column: 146, }, }, }, ), ], span: Span { start: Position { line: 168, column: 135, }, end: Position { line: 168, column: 147, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "NOLOG_OUTPUT", span: Span { start: Position { line: 168, column: 149, }, end: Position { line: 168, column: 161, }, }, }, ), ], span: Span { start: Position { line: 168, column: 148, }, end: Position { line: 168, column: 162, }, }, }, ), ], span: Span { start: Position { line: 168, column: 51, }, end: Position { line: 168, column: 164, }, }, }, ), ], }, ), ], }, ), span: Span { start: Position { line: 168, column: 26, }, end: Position { line: 168, column: 165, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 169, column: 19, }, end: Position { line: 169, column: 30, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 169, column: 33, }, end: Position { line: 169, column: 36, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 169, column: 37, }, end: Position { line: 169, column: 42, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/man/1.7.10/sudoers.man.html).\n", span: Span { start: Position { line: 170, column: 1, }, end: Position { line: 171, column: 19, }, }, }, ), ], span: Span { start: Position { line: 169, column: 43, }, end: Position { line: 171, column: 21, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 172, column: 19, }, end: Position { line: 172, column: 26, }, }, }, ), ], to: List( List { elements: [], span: Span { start: Position { line: 172, column: 29, }, end: Position { line: 172, column: 31, }, }, }, ), }, ), ], span: Span { start: Position { line: 167, column: 36, }, end: Position { line: 173, column: 18, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 157, column: 25, }, end: Position { line: 174, column: 16, }, }, }, ), }, ), ], span: Span { start: Position { line: 155, column: 62, }, end: Position { line: 176, column: 14, }, }, }, ), ], }, ), ], }, ), ], }, ), span: Span { start: Position { line: 155, column: 20, }, end: Position { line: 176, column: 16, }, }, }, ), }, ), ], span: Span { start: Position { line: 151, column: 31, }, end: Position { line: 177, column: 12, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 114, column: 19, }, end: Position { line: 178, column: 10, }, }, }, ), }, ), ], span: Span { start: Position { line: 113, column: 44, }, end: Position { line: 179, column: 8, }, }, }, ), ], }, ), ], }, ), span: Span { start: Position { line: 113, column: 14, }, end: Position { line: 179, column: 9, }, }, }, ), }, ), ], span: Span { start: Position { line: 86, column: 41, }, end: Position { line: 180, column: 6, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 182, column: 5, }, end: Position { line: 182, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 182, column: 14, }, end: Position { line: 182, column: 18, }, }, }, ), Raw( PartRaw { content: "extraConfig", span: Span { start: Position { line: 182, column: 19, }, end: Position { line: 182, column: 30, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 182, column: 33, }, end: Position { line: 182, column: 41, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 183, column: 7, }, end: Position { line: 183, column: 11, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 183, column: 14, }, end: Position { line: 183, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "lines", span: Span { start: Position { line: 183, column: 20, }, end: Position { line: 183, column: 25, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 184, column: 7, }, end: Position { line: 184, column: 14, }, }, }, ), ], to: String( String_ { parts: [], span: Span { start: Position { line: 184, column: 17, }, end: Position { line: 184, column: 19, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 185, column: 7, }, end: Position { line: 185, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 185, column: 21, }, end: Position { line: 185, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 185, column: 25, }, end: Position { line: 185, column: 30, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Extra configuration text appended to {file}`sudoers`.\n", span: Span { start: Position { line: 186, column: 1, }, end: Position { line: 187, column: 7, }, }, }, ), ], span: Span { start: Position { line: 185, column: 31, }, end: Position { line: 187, column: 9, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 182, column: 42, }, end: Position { line: 188, column: 6, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 33, column: 13, }, end: Position { line: 189, column: 4, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "config", span: Span { start: Position { line: 194, column: 3, }, end: Position { line: 194, column: 9, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkIf", span: Span { start: Position { line: 194, column: 12, }, end: Position { line: 194, column: 16, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 194, column: 17, }, end: Position { line: 194, column: 20, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "enable", span: Span { start: Position { line: 194, column: 21, }, end: Position { line: 194, column: 27, }, }, }, ), ], default: None, }, ), Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 198, column: 5, }, end: Position { line: 198, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 198, column: 14, }, end: Position { line: 198, column: 18, }, }, }, ), Raw( PartRaw { content: "extraRules", span: Span { start: Position { line: 198, column: 19, }, end: Position { line: 198, column: 29, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOrder", span: Span { start: Position { line: 198, column: 32, }, end: Position { line: 198, column: 39, }, }, }, ), arguments: [ Integer( Integer { value: "600", span: Span { start: Position { line: 198, column: 40, }, end: Position { line: 198, column: 43, }, }, }, ), List( List { elements: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "groups", span: Span { start: Position { line: 199, column: 9, }, end: Position { line: 199, column: 15, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "wheel", span: Span { start: Position { line: 199, column: 21, }, end: Position { line: 199, column: 26, }, }, }, ), ], span: Span { start: Position { line: 199, column: 20, }, end: Position { line: 199, column: 27, }, }, }, ), ], span: Span { start: Position { line: 199, column: 18, }, end: Position { line: 199, column: 29, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "commands", span: Span { start: Position { line: 200, column: 9, }, end: Position { line: 200, column: 17, }, }, }, ), ], to: List( List { elements: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "command", span: Span { start: Position { line: 200, column: 24, }, end: Position { line: 200, column: 31, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "ALL", span: Span { start: Position { line: 200, column: 35, }, end: Position { line: 200, column: 38, }, }, }, ), ], span: Span { start: Position { line: 200, column: 34, }, end: Position { line: 200, column: 39, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 200, column: 41, }, end: Position { line: 200, column: 48, }, }, }, ), ], to: IfThenElse( IfThenElse { predicate: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 200, column: 55, }, end: Position { line: 200, column: 58, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "wheelNeedsPassword", span: Span { start: Position { line: 200, column: 59, }, end: Position { line: 200, column: 77, }, }, }, ), ], default: None, }, ), then: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "SETENV", span: Span { start: Position { line: 200, column: 86, }, end: Position { line: 200, column: 92, }, }, }, ), ], span: Span { start: Position { line: 200, column: 85, }, end: Position { line: 200, column: 93, }, }, }, ), ], span: Span { start: Position { line: 200, column: 83, }, end: Position { line: 200, column: 95, }, }, }, ), else_: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "NOPASSWD", span: Span { start: Position { line: 200, column: 104, }, end: Position { line: 200, column: 112, }, }, }, ), ], span: Span { start: Position { line: 200, column: 103, }, end: Position { line: 200, column: 113, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "SETENV", span: Span { start: Position { line: 200, column: 115, }, end: Position { line: 200, column: 121, }, }, }, ), ], span: Span { start: Position { line: 200, column: 114, }, end: Position { line: 200, column: 122, }, }, }, ), ], span: Span { start: Position { line: 200, column: 101, }, end: Position { line: 200, column: 124, }, }, }, ), span: Span { start: Position { line: 200, column: 52, }, end: Position { line: 200, column: 124, }, }, }, ), }, ), ], span: Span { start: Position { line: 200, column: 22, }, end: Position { line: 200, column: 128, }, }, }, ), ], span: Span { start: Position { line: 200, column: 20, }, end: Position { line: 200, column: 130, }, }, }, ), }, ), ], span: Span { start: Position { line: 199, column: 7, }, end: Position { line: 201, column: 8, }, }, }, ), ], span: Span { start: Position { line: 198, column: 44, }, end: Position { line: 202, column: 6, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 204, column: 5, }, end: Position { line: 204, column: 13, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 204, column: 14, }, end: Position { line: 204, column: 18, }, }, }, ), Raw( PartRaw { content: "configFile", span: Span { start: Position { line: 204, column: 19, }, end: Position { line: 204, column: 29, }, }, }, ), ], to: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "# Don't edit this file. Set the NixOS options ‘security.sudo.configFile’\n# or ‘security.sudo.extraRules’ instead.\n\n# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.\nDefaults env_keep+=SSH_AUTH_SOCK\n\n# \"root\" is allowed to do anything.\nroot ALL=(ALL:ALL) SETENV: ALL\n\n# extraRules\n", span: Span { start: Position { line: 206, column: 1, }, end: Position { line: 216, column: 9, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "concatStringsSep", span: Span { start: Position { line: 216, column: 11, }, end: Position { line: 216, column: 27, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "\n", span: Span { start: Position { line: 216, column: 29, }, end: Position { line: 216, column: 31, }, }, }, ), ], span: Span { start: Position { line: 216, column: 28, }, end: Position { line: 216, column: 32, }, }, }, ), FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lists", span: Span { start: Position { line: 217, column: 11, }, end: Position { line: 217, column: 16, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "flatten", span: Span { start: Position { line: 217, column: 17, }, end: Position { line: 217, column: 24, }, }, }, ), ], default: None, }, ), arguments: [ FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "map", span: Span { start: Position { line: 218, column: 13, }, end: Position { line: 218, column: 16, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "rule", }, ), body: IfThenElse( IfThenElse { predicate: BinaryOperation( BinaryOperation { left: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "length", span: Span { start: Position { line: 219, column: 25, }, end: Position { line: 219, column: 31, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 219, column: 32, }, end: Position { line: 219, column: 36, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "commands", span: Span { start: Position { line: 219, column: 37, }, end: Position { line: 219, column: 45, }, }, }, ), ], default: None, }, ), ], }, ), operator: NotEqualTo, right: Integer( Integer { value: "0", span: Span { start: Position { line: 219, column: 49, }, end: Position { line: 219, column: 50, }, }, }, ), }, ), then: List( List { elements: [ FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "map", span: Span { start: Position { line: 220, column: 18, }, end: Position { line: 220, column: 21, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "user", }, ), body: String( String_ { parts: [ Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "toUserString", span: Span { start: Position { line: 220, column: 32, }, end: Position { line: 220, column: 44, }, }, }, ), arguments: [ Identifier( Identifier { id: "user", span: Span { start: Position { line: 220, column: 45, }, end: Position { line: 220, column: 49, }, }, }, ), ], }, ), }, ), Raw( PartRaw { content: "\t", span: Span { start: Position { line: 220, column: 30, }, end: Position { line: 220, column: 51, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 220, column: 53, }, end: Position { line: 220, column: 57, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "host", span: Span { start: Position { line: 220, column: 58, }, end: Position { line: 220, column: 62, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "=(", span: Span { start: Position { line: 220, column: 30, }, end: Position { line: 220, column: 65, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 220, column: 67, }, end: Position { line: 220, column: 71, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "runAs", span: Span { start: Position { line: 220, column: 72, }, end: Position { line: 220, column: 77, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: ")\t", span: Span { start: Position { line: 220, column: 30, }, end: Position { line: 220, column: 80, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "toCommandsString", span: Span { start: Position { line: 220, column: 82, }, end: Position { line: 220, column: 98, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 220, column: 99, }, end: Position { line: 220, column: 103, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "commands", span: Span { start: Position { line: 220, column: 104, }, end: Position { line: 220, column: 112, }, }, }, ), ], default: None, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 220, column: 29, }, end: Position { line: 220, column: 114, }, }, }, ), span: Span { start: Position { line: 220, column: 23, }, end: Position { line: 220, column: 114, }, }, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 220, column: 116, }, end: Position { line: 220, column: 120, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "users", span: Span { start: Position { line: 220, column: 121, }, end: Position { line: 220, column: 126, }, }, }, ), ], default: None, }, ), ], }, ), FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "map", span: Span { start: Position { line: 221, column: 18, }, end: Position { line: 221, column: 21, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "group", }, ), body: String( String_ { parts: [ Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "toGroupString", span: Span { start: Position { line: 221, column: 33, }, end: Position { line: 221, column: 46, }, }, }, ), arguments: [ Identifier( Identifier { id: "group", span: Span { start: Position { line: 221, column: 47, }, end: Position { line: 221, column: 52, }, }, }, ), ], }, ), }, ), Raw( PartRaw { content: "\t", span: Span { start: Position { line: 221, column: 31, }, end: Position { line: 221, column: 54, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 221, column: 56, }, end: Position { line: 221, column: 60, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "host", span: Span { start: Position { line: 221, column: 61, }, end: Position { line: 221, column: 65, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "=(", span: Span { start: Position { line: 221, column: 31, }, end: Position { line: 221, column: 68, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 221, column: 70, }, end: Position { line: 221, column: 74, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "runAs", span: Span { start: Position { line: 221, column: 75, }, end: Position { line: 221, column: 80, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: ")\t", span: Span { start: Position { line: 221, column: 31, }, end: Position { line: 221, column: 83, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "toCommandsString", span: Span { start: Position { line: 221, column: 85, }, end: Position { line: 221, column: 101, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 221, column: 102, }, end: Position { line: 221, column: 106, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "commands", span: Span { start: Position { line: 221, column: 107, }, end: Position { line: 221, column: 115, }, }, }, ), ], default: None, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 221, column: 30, }, end: Position { line: 221, column: 117, }, }, }, ), span: Span { start: Position { line: 221, column: 23, }, end: Position { line: 221, column: 117, }, }, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "rule", span: Span { start: Position { line: 221, column: 119, }, end: Position { line: 221, column: 123, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "groups", span: Span { start: Position { line: 221, column: 124, }, end: Position { line: 221, column: 130, }, }, }, ), ], default: None, }, ), ], }, ), ], span: Span { start: Position { line: 219, column: 57, }, end: Position { line: 222, column: 16, }, }, }, ), else_: List( List { elements: [], span: Span { start: Position { line: 222, column: 22, }, end: Position { line: 222, column: 24, }, }, }, ), span: Span { start: Position { line: 219, column: 21, }, end: Position { line: 222, column: 24, }, }, }, ), span: Span { start: Position { line: 219, column: 15, }, end: Position { line: 222, column: 24, }, }, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 223, column: 15, }, end: Position { line: 223, column: 18, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "extraRules", span: Span { start: Position { line: 223, column: 19, }, end: Position { line: 223, column: 29, }, }, }, ), ], default: None, }, ), ], }, ), ], }, ), ], }, ), }, ), Raw( PartRaw { content: "\n\n", span: Span { start: Position { line: 206, column: 1, }, end: Position { line: 227, column: 9, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 227, column: 11, }, end: Position { line: 227, column: 14, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "extraConfig", span: Span { start: Position { line: 227, column: 15, }, end: Position { line: 227, column: 26, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "\n", span: Span { start: Position { line: 206, column: 1, }, end: Position { line: 228, column: 7, }, }, }, ), ], span: Span { start: Position { line: 205, column: 7, }, end: Position { line: 228, column: 9, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 230, column: 5, }, end: Position { line: 230, column: 13, }, }, }, ), Raw( PartRaw { content: "wrappers", span: Span { start: Position { line: 230, column: 14, }, end: Position { line: 230, column: 22, }, }, }, ), ], to: LetIn( LetIn { bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "owner", span: Span { start: Position { line: 231, column: 7, }, end: Position { line: 231, column: 12, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "root", span: Span { start: Position { line: 231, column: 16, }, end: Position { line: 231, column: 20, }, }, }, ), ], span: Span { start: Position { line: 231, column: 15, }, end: Position { line: 231, column: 21, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "group", span: Span { start: Position { line: 232, column: 7, }, end: Position { line: 232, column: 12, }, }, }, ), ], to: IfThenElse( IfThenElse { predicate: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 232, column: 18, }, end: Position { line: 232, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "execWheelOnly", span: Span { start: Position { line: 232, column: 22, }, end: Position { line: 232, column: 35, }, }, }, ), ], default: None, }, ), then: String( String_ { parts: [ Raw( PartRaw { content: "wheel", span: Span { start: Position { line: 232, column: 42, }, end: Position { line: 232, column: 47, }, }, }, ), ], span: Span { start: Position { line: 232, column: 41, }, end: Position { line: 232, column: 48, }, }, }, ), else_: String( String_ { parts: [ Raw( PartRaw { content: "root", span: Span { start: Position { line: 232, column: 55, }, end: Position { line: 232, column: 59, }, }, }, ), ], span: Span { start: Position { line: 232, column: 54, }, end: Position { line: 232, column: 60, }, }, }, ), span: Span { start: Position { line: 232, column: 15, }, end: Position { line: 232, column: 60, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "setuid", span: Span { start: Position { line: 233, column: 7, }, end: Position { line: 233, column: 13, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 233, column: 16, }, end: Position { line: 233, column: 20, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "permissions", span: Span { start: Position { line: 234, column: 7, }, end: Position { line: 234, column: 18, }, }, }, ), ], to: IfThenElse( IfThenElse { predicate: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 234, column: 24, }, end: Position { line: 234, column: 27, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "execWheelOnly", span: Span { start: Position { line: 234, column: 28, }, end: Position { line: 234, column: 41, }, }, }, ), ], default: None, }, ), then: String( String_ { parts: [ Raw( PartRaw { content: "u+rx,g+x", span: Span { start: Position { line: 234, column: 48, }, end: Position { line: 234, column: 56, }, }, }, ), ], span: Span { start: Position { line: 234, column: 47, }, end: Position { line: 234, column: 57, }, }, }, ), else_: String( String_ { parts: [ Raw( PartRaw { content: "u+rx,g+x,o+x", span: Span { start: Position { line: 234, column: 64, }, end: Position { line: 234, column: 76, }, }, }, ), ], span: Span { start: Position { line: 234, column: 63, }, end: Position { line: 234, column: 77, }, }, }, ), span: Span { start: Position { line: 234, column: 21, }, end: Position { line: 234, column: 77, }, }, }, ), }, ), ], target: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 236, column: 7, }, end: Position { line: 236, column: 11, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "source", span: Span { start: Position { line: 237, column: 9, }, end: Position { line: 237, column: 15, }, }, }, ), ], to: String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 237, column: 21, }, end: Position { line: 237, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "package", span: Span { start: Position { line: 237, column: 25, }, end: Position { line: 237, column: 32, }, }, }, ), Raw( PartRaw { content: "out", span: Span { start: Position { line: 237, column: 33, }, end: Position { line: 237, column: 36, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/sudo", span: Span { start: Position { line: 237, column: 19, }, end: Position { line: 237, column: 46, }, }, }, ), ], span: Span { start: Position { line: 237, column: 18, }, end: Position { line: 237, column: 47, }, }, }, ), }, ), Inherit( BindingInherit { from: None, attributes: [ Raw( PartRaw { content: "owner", span: Span { start: Position { line: 238, column: 17, }, end: Position { line: 238, column: 22, }, }, }, ), Raw( PartRaw { content: "group", span: Span { start: Position { line: 238, column: 23, }, end: Position { line: 238, column: 28, }, }, }, ), Raw( PartRaw { content: "setuid", span: Span { start: Position { line: 238, column: 29, }, end: Position { line: 238, column: 35, }, }, }, ), Raw( PartRaw { content: "permissions", span: Span { start: Position { line: 238, column: 36, }, end: Position { line: 238, column: 47, }, }, }, ), ], span: Span { start: Position { line: 236, column: 15, }, end: Position { line: 238, column: 48, }, }, }, ), ], span: Span { start: Position { line: 236, column: 14, }, end: Position { line: 239, column: 8, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "sudoedit", span: Span { start: Position { line: 240, column: 7, }, end: Position { line: 240, column: 15, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "source", span: Span { start: Position { line: 241, column: 9, }, end: Position { line: 241, column: 15, }, }, }, ), ], to: String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 241, column: 21, }, end: Position { line: 241, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "package", span: Span { start: Position { line: 241, column: 25, }, end: Position { line: 241, column: 32, }, }, }, ), Raw( PartRaw { content: "out", span: Span { start: Position { line: 241, column: 33, }, end: Position { line: 241, column: 36, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/sudoedit", span: Span { start: Position { line: 241, column: 19, }, end: Position { line: 241, column: 50, }, }, }, ), ], span: Span { start: Position { line: 241, column: 18, }, end: Position { line: 241, column: 51, }, }, }, ), }, ), Inherit( BindingInherit { from: None, attributes: [ Raw( PartRaw { content: "owner", span: Span { start: Position { line: 242, column: 17, }, end: Position { line: 242, column: 22, }, }, }, ), Raw( PartRaw { content: "group", span: Span { start: Position { line: 242, column: 23, }, end: Position { line: 242, column: 28, }, }, }, ), Raw( PartRaw { content: "setuid", span: Span { start: Position { line: 242, column: 29, }, end: Position { line: 242, column: 35, }, }, }, ), Raw( PartRaw { content: "permissions", span: Span { start: Position { line: 242, column: 36, }, end: Position { line: 242, column: 47, }, }, }, ), ], span: Span { start: Position { line: 240, column: 19, }, end: Position { line: 242, column: 48, }, }, }, ), ], span: Span { start: Position { line: 240, column: 18, }, end: Position { line: 243, column: 8, }, }, }, ), }, ), ], span: Span { start: Position { line: 235, column: 8, }, end: Position { line: 244, column: 6, }, }, }, ), span: Span { start: Position { line: 230, column: 25, }, end: Position { line: 244, column: 6, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 246, column: 5, }, end: Position { line: 246, column: 16, }, }, }, ), Raw( PartRaw { content: "systemPackages", span: Span { start: Position { line: 246, column: 17, }, end: Position { line: 246, column: 31, }, }, }, ), ], to: List( List { elements: [ Identifier( Identifier { id: "sudo", span: Span { start: Position { line: 246, column: 36, }, end: Position { line: 246, column: 40, }, }, }, ), ], span: Span { start: Position { line: 246, column: 34, }, end: Position { line: 246, column: 42, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 248, column: 5, }, end: Position { line: 248, column: 13, }, }, }, ), Raw( PartRaw { content: "pam", span: Span { start: Position { line: 248, column: 14, }, end: Position { line: 248, column: 17, }, }, }, ), Raw( PartRaw { content: "services", span: Span { start: Position { line: 248, column: 18, }, end: Position { line: 248, column: 26, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 248, column: 27, }, end: Position { line: 248, column: 31, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "sshAgentAuth", span: Span { start: Position { line: 248, column: 36, }, end: Position { line: 248, column: 48, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 248, column: 51, }, end: Position { line: 248, column: 55, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "usshAuth", span: Span { start: Position { line: 248, column: 57, }, end: Position { line: 248, column: 65, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 248, column: 68, }, end: Position { line: 248, column: 72, }, }, }, ), }, ), ], span: Span { start: Position { line: 248, column: 34, }, end: Position { line: 248, column: 75, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 250, column: 5, }, end: Position { line: 250, column: 16, }, }, }, ), Raw( PartRaw { content: "etc", span: Span { start: Position { line: 250, column: 17, }, end: Position { line: 250, column: 20, }, }, }, ), Raw( PartRaw { content: "sudoers", span: Span { start: Position { line: 250, column: 21, }, end: Position { line: 250, column: 28, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "source", span: Span { start: Position { line: 251, column: 9, }, end: Position { line: 251, column: 15, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 252, column: 11, }, end: Position { line: 252, column: 15, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "runCommand", span: Span { start: Position { line: 252, column: 16, }, end: Position { line: 252, column: 26, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "sudoers", span: Span { start: Position { line: 252, column: 28, }, end: Position { line: 252, column: 35, }, }, }, ), ], span: Span { start: Position { line: 252, column: 27, }, end: Position { line: 252, column: 36, }, }, }, ), Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "src", span: Span { start: Position { line: 254, column: 13, }, end: Position { line: 254, column: 16, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 254, column: 19, }, end: Position { line: 254, column: 23, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "writeText", span: Span { start: Position { line: 254, column: 24, }, end: Position { line: 254, column: 33, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "sudoers-in", span: Span { start: Position { line: 254, column: 35, }, end: Position { line: 254, column: 45, }, }, }, ), ], span: Span { start: Position { line: 254, column: 34, }, end: Position { line: 254, column: 46, }, }, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 254, column: 47, }, end: Position { line: 254, column: 50, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "configFile", span: Span { start: Position { line: 254, column: 51, }, end: Position { line: 254, column: 61, }, }, }, ), ], default: None, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "preferLocalBuild", span: Span { start: Position { line: 255, column: 13, }, end: Position { line: 255, column: 29, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 255, column: 32, }, end: Position { line: 255, column: 36, }, }, }, ), }, ), ], span: Span { start: Position { line: 253, column: 11, }, end: Position { line: 256, column: 12, }, }, }, ), String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 259, column: 14, }, end: Position { line: 259, column: 18, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "buildPackages", span: Span { start: Position { line: 259, column: 19, }, end: Position { line: 259, column: 32, }, }, }, ), Raw( PartRaw { content: "sudo", span: Span { start: Position { line: 259, column: 33, }, end: Position { line: 259, column: 37, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/sbin/visudo -f $src -c && cp $src $out", span: Span { start: Position { line: 259, column: 12, }, end: Position { line: 259, column: 77, }, }, }, ), ], span: Span { start: Position { line: 259, column: 11, }, end: Position { line: 259, column: 78, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "mode", span: Span { start: Position { line: 260, column: 9, }, end: Position { line: 260, column: 13, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "0440", span: Span { start: Position { line: 260, column: 17, }, end: Position { line: 260, column: 21, }, }, }, ), ], span: Span { start: Position { line: 260, column: 16, }, end: Position { line: 260, column: 22, }, }, }, ), }, ), ], span: Span { start: Position { line: 251, column: 7, }, end: Position { line: 261, column: 8, }, }, }, ), }, ), ], span: Span { start: Position { line: 194, column: 28, }, end: Position { line: 263, column: 4, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 29, column: 1, }, end: Position { line: 265, column: 2, }, }, }, ), span: Span { start: Position { line: 5, column: 1, }, end: Position { line: 265, column: 2, }, }, }, ), span: Span { start: Position { line: 3, column: 1, }, end: Position { line: 265, column: 2, }, }, }, ), span: Span { start: Position { line: 1, column: 1, }, end: Position { line: 265, column: 2, }, }, }, )