4 files changed, 5 insertions, 16 deletions

diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index baa891821..1abf51ae6 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -1,27 +1,14 @@
-{ config, lib, pkgs, ...}:
+{ config, lib, pkgs, stockholm, ...}:
 
 {
   # generate private key with:
   # nix-store --generate-binary-cache-key my-secret-key my-public-key
   services.nix-serve = {
     enable = true;
-    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+    secretKeyFile = toString <secrets> + "/nix-serve.key";
     port = 5005;
   };
 
-  systemd.services.nix-serve = {
-    after = [
-      config.krebs.secret.files.nix-serve-key.service
-    ];
-    partOf = [
-      config.krebs.secret.files.nix-serve-key.service
-    ];
-  };
-  krebs.secret.files.nix-serve-key = {
-    path = "/run/secret/nix-serve.key";
-    owner.name = "nix-serve";
-    source-path = toString <secrets> + "/nix-serve.key";
-  };
   services.nginx = {
     enable = true;
     virtualHosts.nix-serve = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index c3fbc2093..dc97719ad 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -215,7 +215,6 @@ with import <stockholm/lib>;
     noipv4ll
   '';
 
-  documentation.nixos.includeAllModules = true;
 
   # use 24:00 time format, the default got sneakily changed around 20.03
   i18n.defaultLocale = mkDefault "C.UTF-8";
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index bffa1036b..b6765037c 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -227,6 +227,7 @@ rec {
       services.phpfpm.pools."${domain}" = {
         user = "nginx";
         group = "nginx";
+        phpPackage = pkgs.php74;
         extraConfig = ''
           listen = /srv/http/${domain}/phpfpm.pool
           pm = dynamic
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index b1011ced0..094d37a36 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -36,11 +36,13 @@
     '';
 
     security.wrappers.shadow_verify_pam = {
+      setuid = true;
       source = "${usershadow}/bin/verify_pam";
       owner = "root";
       group = "root";
     };
     security.wrappers.shadow_verify_arg = {
+      setuid = true;
       source = "${usershadow}/bin/verify_arg";
       owner = "root";
       group = "root";