diff options
Diffstat (limited to 'tv/2configs')
-rw-r--r-- | tv/2configs/default.nix | 2 | ||||
-rw-r--r-- | tv/2configs/pulse.nix | 3 | ||||
-rw-r--r-- | tv/2configs/urlwatch.nix | 2 | ||||
-rw-r--r-- | tv/2configs/xserver/default.nix | 2 |
4 files changed, 6 insertions, 3 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index dc26a6c..33fb7e4 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import <stockholm/lib>; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4"; + ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 2a3b5cb..4185512 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -76,6 +76,9 @@ in }; }; + # TODO assert that pulse is the only user with "audio" in group/extraGroups + # otherwise the audio device can be hijacked while the pulse service restarts + # (e.g. when mpv is running) and then the service will fail. users = { groups.pulse.gid = config.users.users.pulse.uid; users.pulse = { diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 6e11e02..5779240 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -31,7 +31,7 @@ with import <stockholm/lib>; ## other - https://nixos.org/channels/nixos-16.09/git-revision + https://nixos.org/channels/nixos-17.03/git-revision https://nixos.org/channels/nixos-unstable/git-revision ## 2014-10-17 diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7dcfecc..deb929c 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -18,7 +18,7 @@ in { ]; # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + # TODO krebs.setuid.slock.path vs /run/wrappers/bin krebs.setuid.slock = { filename = "${pkgs.slock}/bin/slock"; group = "wheel"; |