diff options
-rw-r--r-- | krebs/3modules/setuid.nix | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index fdb96c8ba..e3108d88e 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -80,13 +80,25 @@ let }; imp = { - system.activationScripts."krebs.setuid" = stringAfter [ "usrbinenv" ] - (concatMapStringsSep "\n" - (cfg: /* sh */ '' - ${cfg.activate} - rm -f ${cfg.wrapperDir}/${cfg.name}.real - '') - (attrValues config.krebs.setuid)); + systemd.services."krebs.setuid" = { + wantedBy = [ "suid-sgid-wrappers.service" ]; + after = [ "suid-sgid-wrappers.service" ]; + path = [ + pkgs.coreutils + ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeDash "krebs.setuid.sh" '' + ${concatMapStringsSep "\n" + (getAttr "activate") + (attrValues config.krebs.setuid) + } + ''; + }; + unitConfig = { + DefaultDependencies = false; + }; + }; }; in out |