From 461ca80e6dff653360012d3eb5373a479a6e54ed Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 2 Mar 2017 19:42:44 +0100
Subject: tv nixpkgs: 5d03aab -> 53a2baa
---
 tv/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'tv/2configs')
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index dc26a6c..1d3ee39 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with import ;
 stockholm.file = "/home/tv/stockholm";
 nixpkgs.git = {
 url = https://github.com/NixOS/nixpkgs;
- ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4";
+ ref = "53a2baa"; # nixos-unstable (17.03-rc)
 };
 } // optionalAttrs host.secure {
 secrets-master.file = "/home/tv/secrets/master";
-- 
cgit v1.2.3
From a51975b1dc7cbeb75291706d1309ecef43d484a8 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 2 Mar 2017 19:57:52 +0100
Subject: krebs,tv: /var/setuid-wrappers -> /run/wrappers/bin
---
 tv/2configs/xserver/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'tv/2configs')
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 7dcfecc..deb929c 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -18,7 +18,7 @@ in {
 ];
 # TODO dedicated group, i.e. with a single user [per-user-setuid]
- # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
+ # TODO krebs.setuid.slock.path vs /run/wrappers/bin
 krebs.setuid.slock = {
 filename = "${pkgs.slock}/bin/slock";
 group = "wheel";
-- 
cgit v1.2.3
From 5b569ce10e7156fd0a7e0caec51f79bff0dd6007 Mon Sep 17 00:00:00 2001
From: tv
Date: Sat, 4 Mar 2017 23:15:56 +0100
Subject: tv urlwatch: nixos-16.09 -> nixos-17.03
---
 tv/2configs/urlwatch.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'tv/2configs')
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 6e11e02..5779240 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
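Review bot: The new `ref = "53a2baa"` in the first tv/2configs/default.nix hunk (commit "tv nixpkgs: 5d03aab -> 53a2baa") replaces a full 40-character commit id with a 7-character abbreviation, which weakens the pin on the nixpkgs source. An abbreviated id is not guaranteed to stay unique in a repository as large as nixpkgs. Depending on how the fetch tooling resolves `ref` (not visible in this hunk), it may also stop resolving or match a branch or tag of the same name. Keep the full object id and leave the channel name in the comment, e.g. `ref = "<full 40-character commit id for 53a2baa>"; # nixos-unstable (17.03-rc)`. The later commit on this page (53a2baa -> 5b0c9d4) does return to a full id; the attribute set itself starts and ends outside the hunk.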
@@ -31,7 +31,7 @@ with import ;
 ## other
- https://nixos.org/channels/nixos-16.09/git-revision
+ https://nixos.org/channels/nixos-17.03/git-revision
 https://nixos.org/channels/nixos-unstable/git-revision
 ## 2014-10-17
-- 
cgit v1.2.3
From 59870808ac04f4f9c829c3dcf87d02c63ea37feb Mon Sep 17 00:00:00 2001
From: tv
Date: Sat, 4 Mar 2017 23:21:53 +0100
Subject: tv nixpkgs: 53a2baa -> 5b0c9d4
---
 tv/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'tv/2configs')
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 1d3ee39..33fb7e4 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with import ;
 stockholm.file = "/home/tv/stockholm";
 nixpkgs.git = {
 url = https://github.com/NixOS/nixpkgs;
- ref = "53a2baa"; # nixos-unstable (17.03-rc)
+ ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03
 };
 } // optionalAttrs host.secure {
 secrets-master.file = "/home/tv/secrets/master";
-- 
cgit v1.2.3
From f927ed394ce174587a29c58eba0dfa81a5ddafa8 Mon Sep 17 00:00:00 2001
From: tv
Date: Mon, 6 Mar 2017 13:11:21 +0100
Subject: tv pulse: talk about hijacking audio devices
---
 tv/2configs/pulse.nix | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'tv/2configs')
diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 2a3b5cb..4185512 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -76,6 +76,9 @@ in
 };
 };
+ # TODO assert that pulse is the only user with "audio" in group/extraGroups
+ # otherwise the audio device can be hijacked while the pulse service restarts
+ # (e.g. when mpv is running) and then the service will fail.
 users = {
 groups.pulse.gid = config.users.users.pulse.uid;
 users.pulse = {
-- 
cgit v1.2.3
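Review bot: The invariant described by the added TODO in tv/2configs/pulse.nix is only documented, so a host config that later puts another account into `audio` will still evaluate and deploy without any warning. Besides the restart race the comment names, any member of that group can presumably open the sound device directly and bypass the pulse daemon, so the check is worth enforcing now rather than deferring. NixOS's `assertions` option can turn the TODO into an evaluation-time failure, placed beside the `users` attribute. The sketch below assumes `all`, `elem` and `attrValues` are in scope in this file and that the `audio` group is declared; neither is visible in the hunk. The `users` set continues past the end of the hunk.

```nix
# sketch: fail evaluation if any account other than pulse can open the audio device
assertions = [
  {
    assertion =
      all (u: u.name == "pulse" || !(u.group == "audio" || elem "audio" u.extraGroups))
          (attrValues config.users.users)
      && all (m: m == "pulse") config.users.groups.audio.members;
    message = "tv pulse: only the pulse user may be a member of the audio group";
  }
];
users = {
  # … unchanged: pulse group and user definitions …
```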