Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2024-01-14 21:45:31 +0100
committer: makefu <github@syntax-fehler.de> 2024-01-14 21:45:31 +0100
commit: 9b553ebec7cb3315d5d7ad551ba942005e0da501 (patch)
tree: a4efff47471b575d8ed90aa0ae1afd56d5ced281 /krebs/3modules/setuid.nix
parent: 2ca25d5fc3b5bcabe15b0934208b5f5201420eb2 (diff)
parent: 9368e6d78abbe1523a2a54279fd4e9db01a4f610 (diff)
1 files changed, 19 insertions, 7 deletions
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index fdb96c8ba..e3108d88e 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -80,13 +80,25 @@ let
   };
 
   imp = {
-    system.activationScripts."krebs.setuid" = stringAfter [ "usrbinenv" ]
-      (concatMapStringsSep "\n"
-        (cfg: /* sh */ ''
-          ${cfg.activate}
-          rm -f ${cfg.wrapperDir}/${cfg.name}.real
-        '')
-        (attrValues config.krebs.setuid));
+    systemd.services."krebs.setuid" = {
+      wantedBy = [ "suid-sgid-wrappers.service" ];
+      after = [ "suid-sgid-wrappers.service" ];
+      path = [
+        pkgs.coreutils
+      ];
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = pkgs.writeDash "krebs.setuid.sh" ''
+          ${concatMapStringsSep "\n"
+            (getAttr "activate")
+            (attrValues config.krebs.setuid)
+          }
+        '';
+      };
+      unitConfig = {
+        DefaultDependencies = false;
+      };
+    };
   };
 
 in out
author	makefu <github@syntax-fehler.de>	2024-01-14 21:45:31 +0100
committer	makefu <github@syntax-fehler.de>	2024-01-14 21:45:31 +0100
commit	9b553ebec7cb3315d5d7ad551ba942005e0da501 (patch)
tree	a4efff47471b575d8ed90aa0ae1afd56d5ced281 /krebs/3modules/setuid.nix
parent	2ca25d5fc3b5bcabe15b0934208b5f5201420eb2 (diff)
parent	9368e6d78abbe1523a2a54279fd4e9db01a4f610 (diff)