nixos/sudo-rs: Simplify activation

nixos/doc/manual/release-notes/rl-2311.section.md

@@ -22,7 +22,7 @@
 
 - [`sudo-rs`], a reimplementation of `sudo` in Rust, is now supported.
   An experimental new module `security.sudo-rs` was added.
-  Switching to it (via `security.sudo.enable = false; security.sudo-rs.enable = true;`) introduces
+  Switching to it (via ` security.sudo-rs.enable = true;`) introduces
   slight changes in sudo behaviour, due to `sudo-rs`' current limitations:
   - terminfo-related environment variables aren't preserved for `root` and `wheel`;
   - `root` and `wheel` are not given the ability to set (or preserve)

nixos/modules/security/sudo-rs.nix

@@ -208,6 +208,12 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
+    assertions = [ {
+      assertion = ! config.security.sudo.enable;
+      message = "`security.sudo` and `security.sudo-rs` cannot both be enabled";
+    }];
+    security.sudo.enable = mkDefault false;
+
     security.sudo-rs.extraRules =
       let
         defaultRule = { users ? [], groups ? [], opts ? [] }: [ {

nixos/tests/sudo-rs.nix

@@ -22,8 +22,6 @@ in
           test5 = { isNormalUser = true; };
         };
 
-        security.sudo.enable = false;
-
         security.sudo-rs = {
           enable = true;
           package = pkgs.sudo-rs;
@@ -56,8 +54,6 @@ in
         noadmin = { isNormalUser = true; };
       };
 
-      security.sudo.enable = false;
-
       security.sudo-rs = {
         package = pkgs.sudo-rs;
         enable = true;