---
Function {
 argument: Destructured {
  identifier: None,
  arguments: [
   DestructuredArgument {
    identifier: "config",
    default: None,
   },
   DestructuredArgument {
    identifier: "lib",
    default: None,
   },
   DestructuredArgument {
    identifier: "pkgs",
    default: None,
   },
  ],
  ellipsis: true,
 },
 definition: With {
  expression: Variable {
   identifier: "lib",
   position: (3, 6),
  },
  target: LetIn {
   bindings: [
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "cfg",
        position: (7, 3),
       },
      ],
     },
     to: PropertyAccess {
      expression: Variable {
       identifier: "config",
       position: (7, 9),
      },
      attribute_path: AttributePath {
       parts: [
        Raw {
         content: "security",
         position: (7, 16),
        },
        Raw {
         content: "sudo",
         position: (7, 25),
        },
       ],
      },
      default: None,
     },
    },
    Inherit {
     from: Some(
      Variable {
       identifier: "pkgs",
       position: (9, 12),
      },
     ),
     attributes: [
      Raw {
       content: "sudo",
       position: (9, 18),
      },
     ],
    },
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "toUserString",
        position: (11, 3),
       },
      ],
     },
     to: Function {
      argument: Simple {
       identifier: "user",
      },
      definition: IfThenElse {
       predicate: Parentheses {
        expression: FunctionApplication {
         function: Variable {
          identifier: "isInt",
          position: (11, 28),
         },
         arguments: [
          Variable {
           identifier: "user",
           position: (11, 34),
          },
         ],
        },
        position: (11, 27),
       },
       then: String {
        parts: [
         Raw {
          content: "#",
          position: (11, 46),
         },
         Interpolation {
          expression: FunctionApplication {
           function: Variable {
            identifier: "toString",
            position: (11, 49),
           },
           arguments: [
            Variable {
             identifier: "user",
             position: (11, 58),
            },
           ],
          },
         },
        ],
        position: (11, 45),
       },
       else_: String {
        parts: [
         Interpolation {
          expression: Variable {
           identifier: "user",
           position: (11, 73),
          },
         },
        ],
        position: (11, 70),
       },
       position: (11, 24),
      },
      position: (11, 18),
     },
    },
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "toGroupString",
        position: (12, 3),
       },
      ],
     },
     to: Function {
      argument: Simple {
       identifier: "group",
      },
      definition: IfThenElse {
       predicate: Parentheses {
        expression: FunctionApplication {
         function: Variable {
          identifier: "isInt",
          position: (12, 30),
         },
         arguments: [
          Variable {
           identifier: "group",
           position: (12, 36),
          },
         ],
        },
        position: (12, 29),
       },
       then: String {
        parts: [
         Raw {
          content: "%#",
          position: (12, 49),
         },
         Interpolation {
          expression: FunctionApplication {
           function: Variable {
            identifier: "toString",
            position: (12, 53),
           },
           arguments: [
            Variable {
             identifier: "group",
             position: (12, 62),
            },
           ],
          },
         },
        ],
        position: (12, 48),
       },
       else_: String {
        parts: [
         Raw {
          content: "%",
          position: (12, 76),
         },
         Interpolation {
          expression: Variable {
           identifier: "group",
           position: (12, 79),
          },
         },
        ],
        position: (12, 75),
       },
       position: (12, 26),
      },
      position: (12, 19),
     },
    },
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "toCommandOptionsString",
        position: (14, 3),
       },
      ],
     },
     to: Function {
      argument: Simple {
       identifier: "options",
      },
      definition: String {
       parts: [
        Interpolation {
         expression: FunctionApplication {
          function: Variable {
           identifier: "concatStringsSep",
           position: (15, 8),
          },
          arguments: [
           String {
            parts: [
             Raw {
              content: ":",
              position: (15, 26),
             },
            ],
            position: (15, 25),
           },
           Variable {
            identifier: "options",
            position: (15, 29),
           },
          ],
         },
        },
        Interpolation {
         expression: FunctionApplication {
          function: Variable {
           identifier: "optionalString",
           position: (15, 39),
          },
          arguments: [
           Parentheses {
            expression: BinaryOperation {
             operator: NotEqualTo,
             operands: [
              FunctionApplication {
               function: Variable {
                identifier: "length",
                position: (15, 55),
               },
               arguments: [
                Variable {
                 identifier: "options",
                 position: (15, 62),
                },
               ],
              },
              Int {
               value: 0,
               position: (15, 73),
              },
             ],
             position: (15, 70),
            },
            position: (15, 54),
           },
           String {
            parts: [
             Raw {
              content: ":",
              position: (15, 77),
             },
            ],
            position: (15, 76),
           },
          ],
         },
        },
        Raw {
         content: " ",
         position: (15, 80),
        },
       ],
       position: (15, 5),
      },
      position: (14, 28),
     },
    },
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "toCommandsString",
        position: (17, 3),
       },
      ],
     },
     to: Function {
      argument: Simple {
       identifier: "commands",
      },
      definition: FunctionApplication {
       function: Variable {
        identifier: "concatStringsSep",
        position: (18, 5),
       },
       arguments: [
        String {
         parts: [
          Raw {
           content: ", ",
           position: (18, 23),
          },
         ],
         position: (18, 22),
        },
        Parentheses {
         expression: FunctionApplication {
          function: Variable {
           identifier: "map",
           position: (19, 7),
          },
          arguments: [
           Parentheses {
            expression: Function {
             argument: Simple {
              identifier: "command",
             },
             definition: IfThenElse {
              predicate: Parentheses {
               expression: FunctionApplication {
                function: Variable {
                 identifier: "isString",
                 position: (20, 13),
                },
                arguments: [
                 Variable {
                  identifier: "command",
                  position: (20, 22),
                 },
                ],
               },
               position: (20, 12),
              },
              then: Variable {
               identifier: "command",
               position: (21, 11),
              },
              else_: String {
               parts: [
                Interpolation {
                 expression: FunctionApplication {
                  function: Variable {
                   identifier: "toCommandOptionsString",
                   position: (23, 14),
                  },
                  arguments: [
                   PropertyAccess {
                    expression: Variable {
                     identifier: "command",
                     position: (23, 37),
                    },
                    attribute_path: AttributePath {
                     parts: [
                      Raw {
                       content: "options",
                       position: (23, 45),
                      },
                     ],
                    },
                    default: None,
                   },
                  ],
                 },
                },
                Interpolation {
                 expression: PropertyAccess {
                  expression: Variable {
                   identifier: "command",
                   position: (23, 55),
                  },
                  attribute_path: AttributePath {
                   parts: [
                    Raw {
                     content: "command",
                     position: (23, 63),
                    },
                   ],
                  },
                  default: None,
                 },
                },
               ],
               position: (23, 11),
              },
              position: (20, 9),
             },
             position: (19, 12),
            },
            position: (19, 11),
           },
           Variable {
            identifier: "commands",
            position: (24, 9),
           },
          ],
         },
         position: (18, 27),
        },
       ],
      },
      position: (17, 22),
     },
    },
   ],
   target: Map {
    bindings: [
     Binding {
      from: AttributePath {
       parts: [
        Raw {
         content: "options",
         position: (33, 3),
        },
       ],
      },
      to: Map {
       bindings: [
        Binding {
         from: AttributePath {
          parts: [
           Raw {
            content: "security",
            position: (35, 5),
           },
           Raw {
            content: "sudo",
            position: (35, 14),
           },
           Raw {
            content: "enable",
            position: (35, 19),
           },
          ],
         },
         to: FunctionApplication {
          function: Variable {
           identifier: "mkOption",
           position: (35, 28),
          },
          arguments: [
           Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "type",
                 position: (36, 7),
                },
               ],
              },
              to: PropertyAccess {
               expression: Variable {
                identifier: "types",
                position: (36, 14),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "bool",
                  position: (36, 20),
                 },
                ],
               },
               default: None,
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "default",
                 position: (37, 7),
                },
               ],
              },
              to: Variable {
               identifier: "true",
               position: (37, 17),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "description",
                 position: (38, 7),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "Whether to enable the <command>sudo</command> command, which\nallows non-root users to execute commands as root.\n",
                 position: (40, 1),
                },
               ],
               position: (39, 9),
              },
             },
            ],
            recursive: false,
            position: (35, 37),
           },
          ],
         },
        },
        Binding {
         from: AttributePath {
          parts: [
           Raw {
            content: "security",
            position: (45, 5),
           },
           Raw {
            content: "sudo",
            position: (45, 14),
           },
           Raw {
            content: "package",
            position: (45, 19),
           },
          ],
         },
         to: FunctionApplication {
          function: Variable {
           identifier: "mkOption",
           position: (45, 29),
          },
          arguments: [
           Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "type",
                 position: (46, 7),
                },
               ],
              },
              to: PropertyAccess {
               expression: Variable {
                identifier: "types",
                position: (46, 14),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "package",
                  position: (46, 20),
                 },
                ],
               },
               default: None,
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "default",
                 position: (47, 7),
                },
               ],
              },
              to: PropertyAccess {
               expression: Variable {
                identifier: "pkgs",
                position: (47, 17),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "sudo",
                  position: (47, 22),
                 },
                ],
               },
               default: None,
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "defaultText",
                 position: (48, 7),
                },
               ],
              },
              to: FunctionApplication {
               function: Variable {
                identifier: "literalExpression",
                position: (48, 21),
               },
               arguments: [
                String {
                 parts: [
                  Raw {
                   content: "pkgs.sudo",
                   position: (48, 40),
                  },
                 ],
                 position: (48, 39),
                },
               ],
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "description",
                 position: (49, 7),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "Which package to use for `sudo`.\n",
                 position: (50, 1),
                },
               ],
               position: (49, 21),
              },
             },
            ],
            recursive: false,
            position: (45, 38),
           },
          ],
         },
        },
        Binding {
         from: AttributePath {
          parts: [
           Raw {
            content: "security",
            position: (54, 5),
           },
           Raw {
            content: "sudo",
            position: (54, 14),
           },
           Raw {
            content: "wheelNeedsPassword",
            position: (54, 19),
           },
          ],
         },
         to: FunctionApplication {
          function: Variable {
           identifier: "mkOption",
           position: (54, 40),
          },
          arguments: [
           Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "type",
                 position: (55, 7),
                },
               ],
              },
              to: PropertyAccess {
               expression: Variable {
                identifier: "types",
                position: (55, 14),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "bool",
                  position: (55, 20),
                 },
                ],
               },
               default: None,
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "default",
                 position: (56, 7),
                },
               ],
              },
              to: Variable {
               identifier: "true",
               position: (56, 17),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "description",
                 position: (57, 7),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "Whether users of the <code>wheel</code> group must\nprovide a password to run commands as super user via <command>sudo</command>.\n",
                 position: (59, 1),
                },
               ],
               position: (58, 9),
              },
             },
            ],
            recursive: false,
            position: (54, 49),
           },
          ],
         },
        },
        Binding {
         from: AttributePath {
          parts: [
           Raw {
            content: "security",
            position: (64, 5),
           },
           Raw {
            content: "sudo",
            position: (64, 14),
           },
           Raw {
            content: "execWheelOnly",
            position: (64, 19),
           },
          ],
         },
         to: FunctionApplication {
          function: Variable {
           identifier: "mkOption",
           position: (64, 35),
          },
          arguments: [
           Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "type",
                 position: (65, 7),
                },
               ],
              },
              to: PropertyAccess {
               expression: Variable {
                identifier: "types",
                position: (65, 14),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "bool",
                  position: (65, 20),
                 },
                ],
               },
               default: None,
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "default",
                 position: (66, 7),
                },
               ],
              },
              to: Variable {
               identifier: "false",
               position: (66, 17),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "description",
                 position: (67, 7),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "Only allow members of the <code>wheel</code> group to execute sudo by\nsetting the executable's permissions accordingly.\nThis prevents users that are not members of <code>wheel</code> from\nexploiting vulnerabilities in sudo such as CVE-2021-3156.\n",
                 position: (68, 1),
                },
               ],
               position: (67, 21),
              },
             },
            ],
            recursive: false,
            position: (64, 44),
           },
          ],
         },
        },
        Binding {
         from: AttributePath {
          parts: [
           Raw {
            content: "security",
            position: (75, 5),
           },
           Raw {
            content: "sudo",
            position: (75, 14),
           },
           Raw {
            content: "configFile",
            position: (75, 19),
           },
          ],
         },
         to: FunctionApplication {
          function: Variable {
           identifier: "mkOption",
           position: (75, 32),
          },
          arguments: [
           Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "type",
                 position: (76, 7),
                },
               ],
              },
              to: PropertyAccess {
               expression: Variable {
                identifier: "types",
                position: (76, 14),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "lines",
                  position: (76, 20),
                 },
                ],
               },
               default: None,
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "description",
                 position: (79, 7),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "This string contains the contents of the\n<filename>sudoers</filename> file.\n",
                 position: (81, 1),
                },
               ],
               position: (80, 9),
              },
             },
            ],
            recursive: false,
            position: (75, 41),
           },
          ],
         },
        },
        Binding {
         from: AttributePath {
          parts: [
           Raw {
            content: "security",
            position: (86, 5),
           },
           Raw {
            content: "sudo",
            position: (86, 14),
           },
           Raw {
            content: "extraRules",
            position: (86, 19),
           },
          ],
         },
         to: FunctionApplication {
          function: Variable {
           identifier: "mkOption",
           position: (86, 32),
          },
          arguments: [
           Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "description",
                 position: (87, 7),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "Define specific rules to be in the <filename>sudoers</filename> file.\nMore specific rules should come after more general ones in order to\nyield the expected behavior. You can use mkBefore/mkAfter to ensure\nthis is the case when configuration options are merged.\n",
                 position: (88, 1),
                },
               ],
               position: (87, 21),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "default",
                 position: (93, 7),
                },
               ],
              },
              to: List {
               elements: [],
               position: (93, 17),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "example",
                 position: (94, 7),
                },
               ],
              },
              to: FunctionApplication {
               function: Variable {
                identifier: "literalExpression",
                position: (94, 17),
               },
               arguments: [
                String {
                 parts: [
                  Raw {
                   content: "[\n  # Allow execution of any command by all users in group sudo,\n  # requiring a password.\n  { groups = [ \"sudo\" ]; commands = [ \"ALL\" ]; }\n\n  # Allow execution of \"/home/root/secret.sh\" by user `backup`, `database`\n  # and the group with GID `1006` without a password.\n  { users = [ \"backup\" \"database\" ]; groups = [ 1006 ];\n    commands = [ { command = \"/home/root/secret.sh\"; options = [ \"SETENV\" \"NOPASSWD\" ]; } ]; }\n\n  # Allow all users of group `bar` to run two executables as user `foo`\n  # with arguments being pre-set.\n  { groups = [ \"bar\" ]; runAs = \"foo\";\n    commands =\n      [ \"/home/baz/cmd1.sh hello-sudo\"\n          { command = ",
                   position: (95, 1),
                  },
                  Raw {
                   content: "''",
                   position: (110, 31),
                  },
                  Raw {
                   content: "/home/baz/cmd2.sh \"\"",
                   position: (110, 34),
                  },
                  Raw {
                   content: "''",
                   position: (110, 54),
                  },
                  Raw {
                   content: "; options = [ \"SETENV\" ]; } ]; }\n]\n",
                   position: (110, 57),
                  },
                 ],
                 position: (94, 35),
                },
               ],
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "type",
                 position: (113, 7),
                },
               ],
              },
              to: With {
               expression: Variable {
                identifier: "types",
                position: (113, 19),
               },
               target: FunctionApplication {
                function: Variable {
                 identifier: "listOf",
                 position: (113, 26),
                },
                arguments: [
                 Parentheses {
                  expression: FunctionApplication {
                   function: Variable {
                    identifier: "submodule",
                    position: (113, 34),
                   },
                   arguments: [
                    Map {
                     bindings: [
                      Binding {
                       from: AttributePath {
                        parts: [
                         Raw {
                          content: "options",
                          position: (114, 9),
                         },
                        ],
                       },
                       to: Map {
                        bindings: [
                         Binding {
                          from: AttributePath {
                           parts: [
                            Raw {
                             content: "users",
                             position: (115, 11),
                            },
                           ],
                          },
                          to: FunctionApplication {
                           function: Variable {
                            identifier: "mkOption",
                            position: (115, 19),
                           },
                           arguments: [
                            Map {
                             bindings: [
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "type",
                                  position: (116, 13),
                                 },
                                ],
                               },
                               to: With {
                                expression: Variable {
                                 identifier: "types",
                                 position: (116, 25),
                                },
                                target: FunctionApplication {
                                 function: Variable {
                                  identifier: "listOf",
                                  position: (116, 32),
                                 },
                                 arguments: [
                                  Parentheses {
                                   expression: FunctionApplication {
                                    function: Variable {
                                     identifier: "either",
                                     position: (116, 40),
                                    },
                                    arguments: [
                                     Variable {
                                      identifier: "str",
                                      position: (116, 47),
                                     },
                                     Variable {
                                      identifier: "int",
                                      position: (116, 51),
                                     },
                                    ],
                                   },
                                   position: (116, 39),
                                  },
                                 ],
                                },
                                position: (116, 20),
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "description",
                                  position: (117, 13),
                                 },
                                ],
                               },
                               to: String {
                                parts: [
                                 Raw {
                                  content: "The usernames / UIDs this rule should apply for.\n",
                                  position: (118, 1),
                                 },
                                ],
                                position: (117, 27),
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "default",
                                  position: (120, 13),
                                 },
                                ],
                               },
                               to: List {
                                elements: [],
                                position: (120, 23),
                               },
                              },
                             ],
                             recursive: false,
                             position: (115, 28),
                            },
                           ],
                          },
                         },
                         Binding {
                          from: AttributePath {
                           parts: [
                            Raw {
                             content: "groups",
                             position: (123, 11),
                            },
                           ],
                          },
                          to: FunctionApplication {
                           function: Variable {
                            identifier: "mkOption",
                            position: (123, 20),
                           },
                           arguments: [
                            Map {
                             bindings: [
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "type",
                                  position: (124, 13),
                                 },
                                ],
                               },
                               to: With {
                                expression: Variable {
                                 identifier: "types",
                                 position: (124, 25),
                                },
                                target: FunctionApplication {
                                 function: Variable {
                                  identifier: "listOf",
                                  position: (124, 32),
                                 },
                                 arguments: [
                                  Parentheses {
                                   expression: FunctionApplication {
                                    function: Variable {
                                     identifier: "either",
                                     position: (124, 40),
                                    },
                                    arguments: [
                                     Variable {
                                      identifier: "str",
                                      position: (124, 47),
                                     },
                                     Variable {
                                      identifier: "int",
                                      position: (124, 51),
                                     },
                                    ],
                                   },
                                   position: (124, 39),
                                  },
                                 ],
                                },
                                position: (124, 20),
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "description",
                                  position: (125, 13),
                                 },
                                ],
                               },
                               to: String {
                                parts: [
                                 Raw {
                                  content: "The groups / GIDs this rule should apply for.\n",
                                  position: (126, 1),
                                 },
                                ],
                                position: (125, 27),
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "default",
                                  position: (128, 13),
                                 },
                                ],
                               },
                               to: List {
                                elements: [],
                                position: (128, 23),
                               },
                              },
                             ],
                             recursive: false,
                             position: (123, 29),
                            },
                           ],
                          },
                         },
                         Binding {
                          from: AttributePath {
                           parts: [
                            Raw {
                             content: "host",
                             position: (131, 11),
                            },
                           ],
                          },
                          to: FunctionApplication {
                           function: Variable {
                            identifier: "mkOption",
                            position: (131, 18),
                           },
                           arguments: [
                            Map {
                             bindings: [
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "type",
                                  position: (132, 13),
                                 },
                                ],
                               },
                               to: PropertyAccess {
                                expression: Variable {
                                 identifier: "types",
                                 position: (132, 20),
                                },
                                attribute_path: AttributePath {
                                 parts: [
                                  Raw {
                                   content: "str",
                                   position: (132, 26),
                                  },
                                 ],
                                },
                                default: None,
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "default",
                                  position: (133, 13),
                                 },
                                ],
                               },
                               to: String {
                                parts: [
                                 Raw {
                                  content: "ALL",
                                  position: (133, 24),
                                 },
                                ],
                                position: (133, 23),
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "description",
                                  position: (134, 13),
                                 },
                                ],
                               },
                               to: String {
                                parts: [
                                 Raw {
                                  content: "For what host this rule should apply.\n",
                                  position: (135, 1),
                                 },
                                ],
                                position: (134, 27),
                               },
                              },
                             ],
                             recursive: false,
                             position: (131, 27),
                            },
                           ],
                          },
                         },
                         Binding {
                          from: AttributePath {
                           parts: [
                            Raw {
                             content: "runAs",
                             position: (139, 11),
                            },
                           ],
                          },
                          to: FunctionApplication {
                           function: Variable {
                            identifier: "mkOption",
                            position: (139, 19),
                           },
                           arguments: [
                            Map {
                             bindings: [
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "type",
                                  position: (140, 13),
                                 },
                                ],
                               },
                               to: With {
                                expression: Variable {
                                 identifier: "types",
                                 position: (140, 25),
                                },
                                target: Variable {
                                 identifier: "str",
                                 position: (140, 32),
                                },
                                position: (140, 20),
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "default",
                                  position: (141, 13),
                                 },
                                ],
                               },
                               to: String {
                                parts: [
                                 Raw {
                                  content: "ALL:ALL",
                                  position: (141, 24),
                                 },
                                ],
                                position: (141, 23),
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "description",
                                  position: (142, 13),
                                 },
                                ],
                               },
                               to: String {
                                parts: [
                                 Raw {
                                  content: "Under which user/group the specified command is allowed to run.\n\nA user can be specified using just the username: <code>\"foo\"</code>.\nIt is also possible to specify a user/group combination using <code>\"foo:bar\"</code>\nor to only allow running as a specific group with <code>\":bar\"</code>.\n",
                                  position: (143, 1),
                                 },
                                ],
                                position: (142, 27),
                               },
                              },
                             ],
                             recursive: false,
                             position: (139, 28),
                            },
                           ],
                          },
                         },
                         Binding {
                          from: AttributePath {
                           parts: [
                            Raw {
                             content: "commands",
                             position: (151, 11),
                            },
                           ],
                          },
                          to: FunctionApplication {
                           function: Variable {
                            identifier: "mkOption",
                            position: (151, 22),
                           },
                           arguments: [
                            Map {
                             bindings: [
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "description",
                                  position: (152, 13),
                                 },
                                ],
                               },
                               to: String {
                                parts: [
                                 Raw {
                                  content: "The commands for which the rule should apply.\n",
                                  position: (153, 1),
                                 },
                                ],
                                position: (152, 27),
                               },
                              },
                              Binding {
                               from: AttributePath {
                                parts: [
                                 Raw {
                                  content: "type",
                                  position: (155, 13),
                                 },
                                ],
                               },
                               to: With {
                                expression: Variable {
                                 identifier: "types",
                                 position: (155, 25),
                                },
                                target: FunctionApplication {
                                 function: Variable {
                                  identifier: "listOf",
                                  position: (155, 32),
                                 },
                                 arguments: [
                                  Parentheses {
                                   expression: FunctionApplication {
                                    function: Variable {
                                     identifier: "either",
                                     position: (155, 40),
                                    },
                                    arguments: [
                                     Variable {
                                      identifier: "str",
                                      position: (155, 47),
                                     },
                                     Parentheses {
                                      expression: FunctionApplication {
                                       function: Variable {
                                        identifier: "submodule",
                                        position: (155, 52),
                                       },
                                       arguments: [
                                        Map {
                                         bindings: [
                                          Binding {
                                           from: AttributePath {
                                            parts: [
                                             Raw {
                                              content: "options",
                                              position: (157, 15),
                                             },
                                            ],
                                           },
                                           to: Map {
                                            bindings: [
                                             Binding {
                                              from: AttributePath {
                                               parts: [
                                                Raw {
                                                 content: "command",
                                                 position: (158, 17),
                                                },
                                               ],
                                              },
                                              to: FunctionApplication {
                                               function: Variable {
                                                identifier: "mkOption",
                                                position: (158, 27),
                                               },
                                               arguments: [
                                                Map {
                                                 bindings: [
                                                  Binding {
                                                   from: AttributePath {
                                                    parts: [
                                                     Raw {
                                                      content: "type",
                                                      position: (159, 19),
                                                     },
                                                    ],
                                                   },
                                                   to: With {
                                                    expression: Variable {
                                                     identifier: "types",
                                                     position: (159, 31),
                                                    },
                                                    target: Variable {
                                                     identifier: "str",
                                                     position: (159, 38),
                                                    },
                                                    position: (159, 26),
                                                   },
                                                  },
                                                  Binding {
                                                   from: AttributePath {
                                                    parts: [
                                                     Raw {
                                                      content: "description",
                                                      position: (160, 19),
                                                     },
                                                    ],
                                                   },
                                                   to: String {
                                                    parts: [
                                                     Raw {
                                                      content: "A command being either just a path to a binary to allow any arguments,\nthe full command with arguments pre-set or with <code>\"\"</code> used as the argument,\nnot allowing arguments to the command at all.\n",
                                                      position: (161, 1),
                                                     },
                                                    ],
                                                    position: (160, 33),
                                                   },
                                                  },
                                                 ],
                                                 recursive: false,
                                                 position: (158, 36),
                                                },
                                               ],
                                              },
                                             },
                                             Binding {
                                              from: AttributePath {
                                               parts: [
                                                Raw {
                                                 content: "options",
                                                 position: (167, 17),
                                                },
                                               ],
                                              },
                                              to: FunctionApplication {
                                               function: Variable {
                                                identifier: "mkOption",
                                                position: (167, 27),
                                               },
                                               arguments: [
                                                Map {
                                                 bindings: [
                                                  Binding {
                                                   from: AttributePath {
                                                    parts: [
                                                     Raw {
                                                      content: "type",
                                                      position: (168, 19),
                                                     },
                                                    ],
                                                   },
                                                   to: With {
                                                    expression: Variable {
                                                     identifier: "types",
                                                     position: (168, 31),
                                                    },
                                                    target: FunctionApplication {
                                                     function: Variable {
                                                      identifier: "listOf",
                                                      position: (168, 38),
                                                     },
                                                     arguments: [
                                                      Parentheses {
                                                       expression: FunctionApplication {
                                                        function: Variable {
                                                         identifier: "enum",
                                                         position: (168, 46),
                                                        },
                                                        arguments: [
                                                         List {
                                                          elements: [
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "NOPASSWD",
                                                              position: (168, 54),
                                                             },
                                                            ],
                                                            position: (168, 53),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "PASSWD",
                                                              position: (168, 65),
                                                             },
                                                            ],
                                                            position: (168, 64),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "NOEXEC",
                                                              position: (168, 74),
                                                             },
                                                            ],
                                                            position: (168, 73),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "EXEC",
                                                              position: (168, 83),
                                                             },
                                                            ],
                                                            position: (168, 82),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "SETENV",
                                                              position: (168, 90),
                                                             },
                                                            ],
                                                            position: (168, 89),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "NOSETENV",
                                                              position: (168, 99),
                                                             },
                                                            ],
                                                            position: (168, 98),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "LOG_INPUT",
                                                              position: (168, 110),
                                                             },
                                                            ],
                                                            position: (168, 109),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "NOLOG_INPUT",
                                                              position: (168, 122),
                                                             },
                                                            ],
                                                            position: (168, 121),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "LOG_OUTPUT",
                                                              position: (168, 136),
                                                             },
                                                            ],
                                                            position: (168, 135),
                                                           },
                                                           String {
                                                            parts: [
                                                             Raw {
                                                              content: "NOLOG_OUTPUT",
                                                              position: (168, 149),
                                                             },
                                                            ],
                                                            position: (168, 148),
                                                           },
                                                          ],
                                                          position: (168, 51),
                                                         },
                                                        ],
                                                       },
                                                       position: (168, 45),
                                                      },
                                                     ],
                                                    },
                                                    position: (168, 26),
                                                   },
                                                  },
                                                  Binding {
                                                   from: AttributePath {
                                                    parts: [
                                                     Raw {
                                                      content: "description",
                                                      position: (169, 19),
                                                     },
                                                    ],
                                                   },
                                                   to: String {
                                                    parts: [
                                                     Raw {
                                                      content: "Options for running the command. Refer to the <a href=\"https://www.sudo.ws/man/1.7.10/sudoers.man.html\">sudo manual</a>.\n",
                                                      position: (170, 1),
                                                     },
                                                    ],
                                                    position: (169, 33),
                                                   },
                                                  },
                                                  Binding {
                                                   from: AttributePath {
                                                    parts: [
                                                     Raw {
                                                      content: "default",
                                                      position: (172, 19),
                                                     },
                                                    ],
                                                   },
                                                   to: List {
                                                    elements: [],
                                                    position: (172, 29),
                                                   },
                                                  },
                                                 ],
                                                 recursive: false,
                                                 position: (167, 36),
                                                },
                                               ],
                                              },
                                             },
                                            ],
                                            recursive: false,
                                            position: (157, 25),
                                           },
                                          },
                                         ],
                                         recursive: false,
                                         position: (155, 62),
                                        },
                                       ],
                                      },
                                      position: (155, 51),
                                     },
                                    ],
                                   },
                                   position: (155, 39),
                                  },
                                 ],
                                },
                                position: (155, 20),
                               },
                              },
                             ],
                             recursive: false,
                             position: (151, 31),
                            },
                           ],
                          },
                         },
                        ],
                        recursive: false,
                        position: (114, 19),
                       },
                      },
                     ],
                     recursive: false,
                     position: (113, 44),
                    },
                   ],
                  },
                  position: (113, 33),
                 },
                ],
               },
               position: (113, 14),
              },
             },
            ],
            recursive: false,
            position: (86, 41),
           },
          ],
         },
        },
        Binding {
         from: AttributePath {
          parts: [
           Raw {
            content: "security",
            position: (182, 5),
           },
           Raw {
            content: "sudo",
            position: (182, 14),
           },
           Raw {
            content: "extraConfig",
            position: (182, 19),
           },
          ],
         },
         to: FunctionApplication {
          function: Variable {
           identifier: "mkOption",
           position: (182, 33),
          },
          arguments: [
           Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "type",
                 position: (183, 7),
                },
               ],
              },
              to: PropertyAccess {
               expression: Variable {
                identifier: "types",
                position: (183, 14),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "lines",
                  position: (183, 20),
                 },
                ],
               },
               default: None,
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "default",
                 position: (184, 7),
                },
               ],
              },
              to: String {
               parts: [],
               position: (184, 17),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "description",
                 position: (185, 7),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "Extra configuration text appended to <filename>sudoers</filename>.\n",
                 position: (186, 1),
                },
               ],
               position: (185, 21),
              },
             },
            ],
            recursive: false,
            position: (182, 42),
           },
          ],
         },
        },
       ],
       recursive: false,
       position: (33, 13),
      },
     },
     Binding {
      from: AttributePath {
       parts: [
        Raw {
         content: "config",
         position: (194, 3),
        },
       ],
      },
      to: FunctionApplication {
       function: Variable {
        identifier: "mkIf",
        position: (194, 12),
       },
       arguments: [
        PropertyAccess {
         expression: Variable {
          identifier: "cfg",
          position: (194, 17),
         },
         attribute_path: AttributePath {
          parts: [
           Raw {
            content: "enable",
            position: (194, 21),
           },
          ],
         },
         default: None,
        },
        Map {
         bindings: [
          Binding {
           from: AttributePath {
            parts: [
             Raw {
              content: "security",
              position: (198, 5),
             },
             Raw {
              content: "sudo",
              position: (198, 14),
             },
             Raw {
              content: "extraRules",
              position: (198, 19),
             },
            ],
           },
           to: FunctionApplication {
            function: Variable {
             identifier: "mkOrder",
             position: (198, 32),
            },
            arguments: [
             Int {
              value: 600,
              position: (198, 40),
             },
             List {
              elements: [
               Map {
                bindings: [
                 Binding {
                  from: AttributePath {
                   parts: [
                    Raw {
                     content: "groups",
                     position: (199, 9),
                    },
                   ],
                  },
                  to: List {
                   elements: [
                    String {
                     parts: [
                      Raw {
                       content: "wheel",
                       position: (199, 21),
                      },
                     ],
                     position: (199, 20),
                    },
                   ],
                   position: (199, 18),
                  },
                 },
                 Binding {
                  from: AttributePath {
                   parts: [
                    Raw {
                     content: "commands",
                     position: (200, 9),
                    },
                   ],
                  },
                  to: List {
                   elements: [
                    Map {
                     bindings: [
                      Binding {
                       from: AttributePath {
                        parts: [
                         Raw {
                          content: "command",
                          position: (200, 24),
                         },
                        ],
                       },
                       to: String {
                        parts: [
                         Raw {
                          content: "ALL",
                          position: (200, 35),
                         },
                        ],
                        position: (200, 34),
                       },
                      },
                      Binding {
                       from: AttributePath {
                        parts: [
                         Raw {
                          content: "options",
                          position: (200, 41),
                         },
                        ],
                       },
                       to: Parentheses {
                        expression: IfThenElse {
                         predicate: PropertyAccess {
                          expression: Variable {
                           identifier: "cfg",
                           position: (200, 55),
                          },
                          attribute_path: AttributePath {
                           parts: [
                            Raw {
                             content: "wheelNeedsPassword",
                             position: (200, 59),
                            },
                           ],
                          },
                          default: None,
                         },
                         then: List {
                          elements: [
                           String {
                            parts: [
                             Raw {
                              content: "SETENV",
                              position: (200, 86),
                             },
                            ],
                            position: (200, 85),
                           },
                          ],
                          position: (200, 83),
                         },
                         else_: List {
                          elements: [
                           String {
                            parts: [
                             Raw {
                              content: "NOPASSWD",
                              position: (200, 104),
                             },
                            ],
                            position: (200, 103),
                           },
                           String {
                            parts: [
                             Raw {
                              content: "SETENV",
                              position: (200, 115),
                             },
                            ],
                            position: (200, 114),
                           },
                          ],
                          position: (200, 101),
                         },
                         position: (200, 52),
                        },
                        position: (200, 51),
                       },
                      },
                     ],
                     recursive: false,
                     position: (200, 22),
                    },
                   ],
                   position: (200, 20),
                  },
                 },
                ],
                recursive: false,
                position: (199, 7),
               },
              ],
              position: (198, 44),
             },
            ],
           },
          },
          Binding {
           from: AttributePath {
            parts: [
             Raw {
              content: "security",
              position: (204, 5),
             },
             Raw {
              content: "sudo",
              position: (204, 14),
             },
             Raw {
              content: "configFile",
              position: (204, 19),
             },
            ],
           },
           to: String {
            parts: [
             Raw {
              content: "# Don't edit this file. Set the NixOS options ‘security.sudo.configFile’\n# or ‘security.sudo.extraRules’ instead.\n\n# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.\nDefaults env_keep+=SSH_AUTH_SOCK\n\n# \"root\" is allowed to do anything.\nroot        ALL=(ALL:ALL) SETENV: ALL\n\n# extraRules\n",
              position: (206, 1),
             },
             Interpolation {
              expression: FunctionApplication {
               function: Variable {
                identifier: "concatStringsSep",
                position: (216, 11),
               },
               arguments: [
                String {
                 parts: [
                  Raw {
                   content: "\n",
                   position: (216, 29),
                  },
                 ],
                 position: (216, 28),
                },
                Parentheses {
                 expression: FunctionApplication {
                  function: PropertyAccess {
                   expression: Variable {
                    identifier: "lists",
                    position: (217, 11),
                   },
                   attribute_path: AttributePath {
                    parts: [
                     Raw {
                      content: "flatten",
                      position: (217, 17),
                     },
                    ],
                   },
                   default: None,
                  },
                  arguments: [
                   Parentheses {
                    expression: FunctionApplication {
                     function: Variable {
                      identifier: "map",
                      position: (218, 13),
                     },
                     arguments: [
                      Parentheses {
                       expression: Function {
                        argument: Simple {
                         identifier: "rule",
                        },
                        definition: IfThenElse {
                         predicate: Parentheses {
                          expression: BinaryOperation {
                           operator: NotEqualTo,
                           operands: [
                            FunctionApplication {
                             function: Variable {
                              identifier: "length",
                              position: (219, 25),
                             },
                             arguments: [
                              PropertyAccess {
                               expression: Variable {
                                identifier: "rule",
                                position: (219, 32),
                               },
                               attribute_path: AttributePath {
                                parts: [
                                 Raw {
                                  content: "commands",
                                  position: (219, 37),
                                 },
                                ],
                               },
                               default: None,
                              },
                             ],
                            },
                            Int {
                             value: 0,
                             position: (219, 49),
                            },
                           ],
                           position: (219, 46),
                          },
                          position: (219, 24),
                         },
                         then: List {
                          elements: [
                           Parentheses {
                            expression: FunctionApplication {
                             function: Variable {
                              identifier: "map",
                              position: (220, 18),
                             },
                             arguments: [
                              Parentheses {
                               expression: Function {
                                argument: Simple {
                                 identifier: "user",
                                },
                                definition: String {
                                 parts: [
                                  Interpolation {
                                   expression: FunctionApplication {
                                    function: Variable {
                                     identifier: "toUserString",
                                     position: (220, 32),
                                    },
                                    arguments: [
                                     Variable {
                                      identifier: "user",
                                      position: (220, 45),
                                     },
                                    ],
                                   },
                                  },
                                  Raw {
                                   content: "\t",
                                   position: (220, 50),
                                  },
                                  Interpolation {
                                   expression: PropertyAccess {
                                    expression: Variable {
                                     identifier: "rule",
                                     position: (220, 53),
                                    },
                                    attribute_path: AttributePath {
                                     parts: [
                                      Raw {
                                       content: "host",
                                       position: (220, 58),
                                      },
                                     ],
                                    },
                                    default: None,
                                   },
                                  },
                                  Raw {
                                   content: "=(",
                                   position: (220, 63),
                                  },
                                  Interpolation {
                                   expression: PropertyAccess {
                                    expression: Variable {
                                     identifier: "rule",
                                     position: (220, 67),
                                    },
                                    attribute_path: AttributePath {
                                     parts: [
                                      Raw {
                                       content: "runAs",
                                       position: (220, 72),
                                      },
                                     ],
                                    },
                                    default: None,
                                   },
                                  },
                                  Raw {
                                   content: ")\t",
                                   position: (220, 78),
                                  },
                                  Interpolation {
                                   expression: FunctionApplication {
                                    function: Variable {
                                     identifier: "toCommandsString",
                                     position: (220, 82),
                                    },
                                    arguments: [
                                     PropertyAccess {
                                      expression: Variable {
                                       identifier: "rule",
                                       position: (220, 99),
                                      },
                                      attribute_path: AttributePath {
                                       parts: [
                                        Raw {
                                         content: "commands",
                                         position: (220, 104),
                                        },
                                       ],
                                      },
                                      default: None,
                                     },
                                    ],
                                   },
                                  },
                                 ],
                                 position: (220, 29),
                                },
                                position: (220, 23),
                               },
                               position: (220, 22),
                              },
                              PropertyAccess {
                               expression: Variable {
                                identifier: "rule",
                                position: (220, 116),
                               },
                               attribute_path: AttributePath {
                                parts: [
                                 Raw {
                                  content: "users",
                                  position: (220, 121),
                                 },
                                ],
                               },
                               default: None,
                              },
                             ],
                            },
                            position: (220, 17),
                           },
                           Parentheses {
                            expression: FunctionApplication {
                             function: Variable {
                              identifier: "map",
                              position: (221, 18),
                             },
                             arguments: [
                              Parentheses {
                               expression: Function {
                                argument: Simple {
                                 identifier: "group",
                                },
                                definition: String {
                                 parts: [
                                  Interpolation {
                                   expression: FunctionApplication {
                                    function: Variable {
                                     identifier: "toGroupString",
                                     position: (221, 33),
                                    },
                                    arguments: [
                                     Variable {
                                      identifier: "group",
                                      position: (221, 47),
                                     },
                                    ],
                                   },
                                  },
                                  Raw {
                                   content: "\t",
                                   position: (221, 53),
                                  },
                                  Interpolation {
                                   expression: PropertyAccess {
                                    expression: Variable {
                                     identifier: "rule",
                                     position: (221, 56),
                                    },
                                    attribute_path: AttributePath {
                                     parts: [
                                      Raw {
                                       content: "host",
                                       position: (221, 61),
                                      },
                                     ],
                                    },
                                    default: None,
                                   },
                                  },
                                  Raw {
                                   content: "=(",
                                   position: (221, 66),
                                  },
                                  Interpolation {
                                   expression: PropertyAccess {
                                    expression: Variable {
                                     identifier: "rule",
                                     position: (221, 70),
                                    },
                                    attribute_path: AttributePath {
                                     parts: [
                                      Raw {
                                       content: "runAs",
                                       position: (221, 75),
                                      },
                                     ],
                                    },
                                    default: None,
                                   },
                                  },
                                  Raw {
                                   content: ")\t",
                                   position: (221, 81),
                                  },
                                  Interpolation {
                                   expression: FunctionApplication {
                                    function: Variable {
                                     identifier: "toCommandsString",
                                     position: (221, 85),
                                    },
                                    arguments: [
                                     PropertyAccess {
                                      expression: Variable {
                                       identifier: "rule",
                                       position: (221, 102),
                                      },
                                      attribute_path: AttributePath {
                                       parts: [
                                        Raw {
                                         content: "commands",
                                         position: (221, 107),
                                        },
                                       ],
                                      },
                                      default: None,
                                     },
                                    ],
                                   },
                                  },
                                 ],
                                 position: (221, 30),
                                },
                                position: (221, 23),
                               },
                               position: (221, 22),
                              },
                              PropertyAccess {
                               expression: Variable {
                                identifier: "rule",
                                position: (221, 119),
                               },
                               attribute_path: AttributePath {
                                parts: [
                                 Raw {
                                  content: "groups",
                                  position: (221, 124),
                                 },
                                ],
                               },
                               default: None,
                              },
                             ],
                            },
                            position: (221, 17),
                           },
                          ],
                          position: (219, 57),
                         },
                         else_: List {
                          elements: [],
                          position: (222, 22),
                         },
                         position: (219, 21),
                        },
                        position: (219, 15),
                       },
                       position: (218, 17),
                      },
                      PropertyAccess {
                       expression: Variable {
                        identifier: "cfg",
                        position: (223, 15),
                       },
                       attribute_path: AttributePath {
                        parts: [
                         Raw {
                          content: "extraRules",
                          position: (223, 19),
                         },
                        ],
                       },
                       default: None,
                      },
                     ],
                    },
                    position: (217, 25),
                   },
                  ],
                 },
                 position: (216, 33),
                },
               ],
              },
             },
             Raw {
              content: "\n\n",
              position: (225, 11),
             },
             Interpolation {
              expression: PropertyAccess {
               expression: Variable {
                identifier: "cfg",
                position: (227, 11),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "extraConfig",
                  position: (227, 15),
                 },
                ],
               },
               default: None,
              },
             },
             Raw {
              content: "\n",
              position: (227, 27),
             },
            ],
            position: (205, 7),
           },
          },
          Binding {
           from: AttributePath {
            parts: [
             Raw {
              content: "security",
              position: (230, 5),
             },
             Raw {
              content: "wrappers",
              position: (230, 14),
             },
            ],
           },
           to: LetIn {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "owner",
                 position: (231, 7),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "root",
                 position: (231, 16),
                },
               ],
               position: (231, 15),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "group",
                 position: (232, 7),
                },
               ],
              },
              to: IfThenElse {
               predicate: PropertyAccess {
                expression: Variable {
                 identifier: "cfg",
                 position: (232, 18),
                },
                attribute_path: AttributePath {
                 parts: [
                  Raw {
                   content: "execWheelOnly",
                   position: (232, 22),
                  },
                 ],
                },
                default: None,
               },
               then: String {
                parts: [
                 Raw {
                  content: "wheel",
                  position: (232, 42),
                 },
                ],
                position: (232, 41),
               },
               else_: String {
                parts: [
                 Raw {
                  content: "root",
                  position: (232, 55),
                 },
                ],
                position: (232, 54),
               },
               position: (232, 15),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "setuid",
                 position: (233, 7),
                },
               ],
              },
              to: Variable {
               identifier: "true",
               position: (233, 16),
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "permissions",
                 position: (234, 7),
                },
               ],
              },
              to: IfThenElse {
               predicate: PropertyAccess {
                expression: Variable {
                 identifier: "cfg",
                 position: (234, 24),
                },
                attribute_path: AttributePath {
                 parts: [
                  Raw {
                   content: "execWheelOnly",
                   position: (234, 28),
                  },
                 ],
                },
                default: None,
               },
               then: String {
                parts: [
                 Raw {
                  content: "u+rx,g+x",
                  position: (234, 48),
                 },
                ],
                position: (234, 47),
               },
               else_: String {
                parts: [
                 Raw {
                  content: "u+rx,g+x,o+x",
                  position: (234, 64),
                 },
                ],
                position: (234, 63),
               },
               position: (234, 21),
              },
             },
            ],
            target: Map {
             bindings: [
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "sudo",
                  position: (236, 7),
                 },
                ],
               },
               to: Map {
                bindings: [
                 Binding {
                  from: AttributePath {
                   parts: [
                    Raw {
                     content: "source",
                     position: (237, 9),
                    },
                   ],
                  },
                  to: String {
                   parts: [
                    Interpolation {
                     expression: PropertyAccess {
                      expression: Variable {
                       identifier: "cfg",
                       position: (237, 21),
                      },
                      attribute_path: AttributePath {
                       parts: [
                        Raw {
                         content: "package",
                         position: (237, 25),
                        },
                        Raw {
                         content: "out",
                         position: (237, 33),
                        },
                       ],
                      },
                      default: None,
                     },
                    },
                    Raw {
                     content: "/bin/sudo",
                     position: (237, 37),
                    },
                   ],
                   position: (237, 18),
                  },
                 },
                 Inherit {
                  from: None,
                  attributes: [
                   Raw {
                    content: "owner",
                    position: (238, 17),
                   },
                   Raw {
                    content: "group",
                    position: (238, 23),
                   },
                   Raw {
                    content: "setuid",
                    position: (238, 29),
                   },
                   Raw {
                    content: "permissions",
                    position: (238, 36),
                   },
                  ],
                 },
                ],
                recursive: false,
                position: (236, 14),
               },
              },
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "sudoedit",
                  position: (240, 7),
                 },
                ],
               },
               to: Map {
                bindings: [
                 Binding {
                  from: AttributePath {
                   parts: [
                    Raw {
                     content: "source",
                     position: (241, 9),
                    },
                   ],
                  },
                  to: String {
                   parts: [
                    Interpolation {
                     expression: PropertyAccess {
                      expression: Variable {
                       identifier: "cfg",
                       position: (241, 21),
                      },
                      attribute_path: AttributePath {
                       parts: [
                        Raw {
                         content: "package",
                         position: (241, 25),
                        },
                        Raw {
                         content: "out",
                         position: (241, 33),
                        },
                       ],
                      },
                      default: None,
                     },
                    },
                    Raw {
                     content: "/bin/sudoedit",
                     position: (241, 37),
                    },
                   ],
                   position: (241, 18),
                  },
                 },
                 Inherit {
                  from: None,
                  attributes: [
                   Raw {
                    content: "owner",
                    position: (242, 17),
                   },
                   Raw {
                    content: "group",
                    position: (242, 23),
                   },
                   Raw {
                    content: "setuid",
                    position: (242, 29),
                   },
                   Raw {
                    content: "permissions",
                    position: (242, 36),
                   },
                  ],
                 },
                ],
                recursive: false,
                position: (240, 18),
               },
              },
             ],
             recursive: false,
             position: (235, 8),
            },
            position: (230, 25),
           },
          },
          Binding {
           from: AttributePath {
            parts: [
             Raw {
              content: "environment",
              position: (246, 5),
             },
             Raw {
              content: "systemPackages",
              position: (246, 17),
             },
            ],
           },
           to: List {
            elements: [
             Variable {
              identifier: "sudo",
              position: (246, 36),
             },
            ],
            position: (246, 34),
           },
          },
          Binding {
           from: AttributePath {
            parts: [
             Raw {
              content: "security",
              position: (248, 5),
             },
             Raw {
              content: "pam",
              position: (248, 14),
             },
             Raw {
              content: "services",
              position: (248, 18),
             },
             Raw {
              content: "sudo",
              position: (248, 27),
             },
            ],
           },
           to: Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "sshAgentAuth",
                 position: (248, 36),
                },
               ],
              },
              to: Variable {
               identifier: "true",
               position: (248, 51),
              },
             },
            ],
            recursive: false,
            position: (248, 34),
           },
          },
          Binding {
           from: AttributePath {
            parts: [
             Raw {
              content: "environment",
              position: (250, 5),
             },
             Raw {
              content: "etc",
              position: (250, 17),
             },
             Raw {
              content: "sudoers",
              position: (250, 21),
             },
            ],
           },
           to: Map {
            bindings: [
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "source",
                 position: (251, 9),
                },
               ],
              },
              to: FunctionApplication {
               function: PropertyAccess {
                expression: Variable {
                 identifier: "pkgs",
                 position: (252, 11),
                },
                attribute_path: AttributePath {
                 parts: [
                  Raw {
                   content: "runCommand",
                   position: (252, 16),
                  },
                 ],
                },
                default: None,
               },
               arguments: [
                String {
                 parts: [
                  Raw {
                   content: "sudoers",
                   position: (252, 28),
                  },
                 ],
                 position: (252, 27),
                },
                Map {
                 bindings: [
                  Binding {
                   from: AttributePath {
                    parts: [
                     Raw {
                      content: "src",
                      position: (254, 13),
                     },
                    ],
                   },
                   to: FunctionApplication {
                    function: PropertyAccess {
                     expression: Variable {
                      identifier: "pkgs",
                      position: (254, 19),
                     },
                     attribute_path: AttributePath {
                      parts: [
                       Raw {
                        content: "writeText",
                        position: (254, 24),
                       },
                      ],
                     },
                     default: None,
                    },
                    arguments: [
                     String {
                      parts: [
                       Raw {
                        content: "sudoers-in",
                        position: (254, 35),
                       },
                      ],
                      position: (254, 34),
                     },
                     PropertyAccess {
                      expression: Variable {
                       identifier: "cfg",
                       position: (254, 47),
                      },
                      attribute_path: AttributePath {
                       parts: [
                        Raw {
                         content: "configFile",
                         position: (254, 51),
                        },
                       ],
                      },
                      default: None,
                     },
                    ],
                   },
                  },
                  Binding {
                   from: AttributePath {
                    parts: [
                     Raw {
                      content: "preferLocalBuild",
                      position: (255, 13),
                     },
                    ],
                   },
                   to: Variable {
                    identifier: "true",
                    position: (255, 32),
                   },
                  },
                 ],
                 recursive: false,
                 position: (253, 11),
                },
                String {
                 parts: [
                  Interpolation {
                   expression: PropertyAccess {
                    expression: Variable {
                     identifier: "pkgs",
                     position: (259, 14),
                    },
                    attribute_path: AttributePath {
                     parts: [
                      Raw {
                       content: "buildPackages",
                       position: (259, 19),
                      },
                      Raw {
                       content: "sudo",
                       position: (259, 33),
                      },
                     ],
                    },
                    default: None,
                   },
                  },
                  Raw {
                   content: "/sbin/visudo -f $src -c && cp $src $out",
                   position: (259, 38),
                  },
                 ],
                 position: (259, 11),
                },
               ],
              },
             },
             Binding {
              from: AttributePath {
               parts: [
                Raw {
                 content: "mode",
                 position: (260, 9),
                },
               ],
              },
              to: String {
               parts: [
                Raw {
                 content: "0440",
                 position: (260, 17),
                },
               ],
               position: (260, 16),
              },
             },
            ],
            recursive: false,
            position: (251, 7),
           },
          },
         ],
         recursive: false,
         position: (194, 28),
        },
       ],
      },
     },
    ],
    recursive: false,
    position: (29, 1),
   },
   position: (5, 1),
  },
  position: (3, 1),
 },
 position: (1, 1),
}