diff options
| author | lassulus <lassulus@lassul.us> | 2021-02-11 11:09:03 +0100 |
|---|---|---|
| committer | lassulus <lassulus@lassul.us> | 2021-02-11 11:09:03 +0100 |
| commit | 3054b326ef5e9d92ef8d26b50db5546691c24d59 (patch) | |
| tree | 26eeae9a61206a5fddba5690729e2ee2f7ab52e6 /krebs/3modules/setuid.nix | |
| parent | f0e8399b81b911da6c88d7af442bc305a1827c66 (diff) | |
| parent | bda725bbfc4a4e1ecf8a8fd8d3dbff69b5cf4d60 (diff) | |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'krebs/3modules/setuid.nix')
| -rw-r--r-- | krebs/3modules/setuid.nix | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 97cf21cdd..64fedb911 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -1,24 +1,20 @@ -{ config, pkgs, lib, ... }: with import <stockholm/lib>; -let - cfg = config.krebs.setuid; +{ config, pkgs, ... }: let out = { options.krebs.setuid = api; - config = mkIf (cfg != {}) imp; + config = mkIf (config.krebs.setuid != {}) imp; }; api = mkOption { default = {}; type = let - # TODO make wrapperDir configurable - inherit (config.security) wrapperDir; inherit (config.users) groups users; - in types.attrsOf (types.submodule ({ config, ... }: { + in types.attrsOf (types.submodule (self: let cfg = self.config; in { options = { name = mkOption { type = types.filename; - default = config._module.args.name; + default = cfg._module.args.name; }; envp = mkOption { type = types.nullOr (types.attrsOf types.str); @@ -51,6 +47,10 @@ let merge = mergeOneOption; }; }; + wrapperDir = mkOption { + default = config.security.wrapperDir; + type = types.absolute-pathname; + }; activate = mkOption { type = types.str; visible = false; @@ -58,21 +58,22 @@ let }; }; config.activate = let - src = pkgs.exec config.name { - inherit (config) envp filename; + src = pkgs.exec cfg.name { + inherit (cfg) envp filename; }; - dst = "${wrapperDir}/${config.name}"; + dst = "${cfg.wrapperDir}/${cfg.name}"; in '' + mkdir -p ${cfg.wrapperDir} cp ${src} ${dst} - chown ${config.owner}.${config.group} ${dst} - chmod ${config.mode} ${dst} + chown ${cfg.owner}.${cfg.group} ${dst} + chmod ${cfg.mode} ${dst} ''; })); }; imp = { system.activationScripts."krebs.setuid" = stringAfter [ "wrappers" ] - (concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg)); + (concatMapStringsSep "\n" (getAttr "activate") (attrValues config.krebs.setuid)); }; in out |