summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-05-25 03:03:21 +0200
committertv <tv@krebsco.de>2016-05-25 03:03:21 +0200
commit36c5834c288b56b6955e35d95708ae7f65f199f9 (patch)
tree3f500ddf0bee6c35f03ef8624318c6dd86bbf065
parent82a8e7eca896c94e35de22a734d538f25e028faf (diff)
tv slock: user krebs.setuid
-rw-r--r--tv/2configs/xserver/default.nix14
1 files changed, 10 insertions, 4 deletions
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index a6a820507..b5b116786 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -37,15 +37,21 @@ let
pkgs.ff
pkgs.gitAndTools.qgit
pkgs.mpv
- pkgs.slock
pkgs.sxiv
pkgs.xsel
pkgs.zathura
];
- security.setuidPrograms = [
- "slock"
- ];
+ # TODO dedicated group, i.e. with a single user
+ # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
+ krebs.setuid.slock = {
+ filename = "${pkgs.slock}/bin/slock";
+ group = "wheel";
+ envp = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ USER = user.name;
+ };
+ };
systemd.services.display-manager.enable = false;