summaryrefslogtreecommitdiffstats
path: root/tv/2configs/xserver
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-05-25 03:03:21 +0200
committertv <tv@krebsco.de>2016-05-25 03:03:21 +0200
commitcfd5771961b7a6969e888503aa20c842d94c5bc7 (patch)
tree62d96b8ec5465a823506715194df45b4d42d8657 /tv/2configs/xserver
parent4cc0217943787f7cd4d07f945ab084face42e8d1 (diff)
tv slock: user krebs.setuid
Diffstat (limited to 'tv/2configs/xserver')
-rw-r--r--tv/2configs/xserver/default.nix14
1 files changed, 10 insertions, 4 deletions
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index a6a8205..b5b1167 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -37,15 +37,21 @@ let
pkgs.ff
pkgs.gitAndTools.qgit
pkgs.mpv
- pkgs.slock
pkgs.sxiv
pkgs.xsel
pkgs.zathura
];
- security.setuidPrograms = [
- "slock"
- ];
+ # TODO dedicated group, i.e. with a single user
+ # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
+ krebs.setuid.slock = {
+ filename = "${pkgs.slock}/bin/slock";
+ group = "wheel";
+ envp = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ USER = user.name;
+ };
+ };
systemd.services.display-manager.enable = false;