From d780569d78a28ec4fb2722a699cedc6839406009 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 2 Mar 2017 19:42:44 +0100
Subject: tv nixpkgs: 5d03aab -> 53a2baa

---
 tv/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tv/2configs')

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index dc26a6c6f..1d3ee3980 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
       stockholm.file = "/home/tv/stockholm";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4";
+        ref = "53a2baa"; # nixos-unstable (17.03-rc)
       };
     } // optionalAttrs host.secure {
       secrets-master.file = "/home/tv/secrets/master";
-- 
cgit v1.2.3


From ed3585bfcfd154688a7e95b2f1179133a1a53734 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 2 Mar 2017 19:57:52 +0100
Subject: krebs,tv: /var/setuid-wrappers -> /run/wrappers/bin

---
 tv/2configs/xserver/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tv/2configs')

diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 7dcfecce6..deb929c34 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -18,7 +18,7 @@ in {
   ];
 
   # TODO dedicated group, i.e. with a single user [per-user-setuid]
-  # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
+  # TODO krebs.setuid.slock.path vs /run/wrappers/bin
   krebs.setuid.slock = {
     filename = "${pkgs.slock}/bin/slock";
     group = "wheel";
-- 
cgit v1.2.3


From 4f3ece51f7e775bcad1df209bc8881cdbcd5c516 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 4 Mar 2017 23:15:56 +0100
Subject: tv urlwatch: nixos-16.09 -> nixos-17.03

---
 tv/2configs/urlwatch.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tv/2configs')

diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 6e11e0251..5779240ba 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -31,7 +31,7 @@ with import <stockholm/lib>;
 
       ## other
 
-      https://nixos.org/channels/nixos-16.09/git-revision
+      https://nixos.org/channels/nixos-17.03/git-revision
       https://nixos.org/channels/nixos-unstable/git-revision
 
       ## 2014-10-17
-- 
cgit v1.2.3


From d7761aed6559adba3cfa61d822165c42c90fc276 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 4 Mar 2017 23:21:53 +0100
Subject: tv nixpkgs: 53a2baa -> 5b0c9d4

---
 tv/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tv/2configs')

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 1d3ee3980..33fb7e492 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
       stockholm.file = "/home/tv/stockholm";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "53a2baa"; # nixos-unstable (17.03-rc)
+        ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03
       };
     } // optionalAttrs host.secure {
       secrets-master.file = "/home/tv/secrets/master";
-- 
cgit v1.2.3


From 0953240b832117aef4d2ee3cc9cb1ff0e606242e Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 6 Mar 2017 13:11:21 +0100
Subject: tv pulse: talk about hijacking audio devices

---
 tv/2configs/pulse.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'tv/2configs')

diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 2a3b5cbc1..418551213 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -76,6 +76,9 @@ in
     };
   };
 
+  # TODO assert that pulse is the only user with "audio" in group/extraGroups
+  # otherwise the audio device can be hijacked while the pulse service restarts
+  # (e.g. when mpv is running) and then the service will fail.
   users = {
     groups.pulse.gid = config.users.users.pulse.uid;
     users.pulse = {
-- 
cgit v1.2.3