diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-27 13:49:31 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-27 13:49:31 +0200 |
| commit | 30c0f61766d2e04a8e1389c677468aa76b3cb446 (patch) | |
| tree | 13e30a55c0c364d23f87099af5bf838c0bcc52b4 | |
| parent | 22e40999c03f84365636ff65c5f3316512042910 (diff) | |
| download | nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.tar nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.tar.gz nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.tar.bz2 nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.tar.xz nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.zip | |
command-path
| -rw-r--r-- | custom/uucp.nix | 18 | ||||
| -rw-r--r-- | ymir.nix | 4 |
2 files changed, 11 insertions, 11 deletions
diff --git a/custom/uucp.nix b/custom/uucp.nix index ef10c3ca..458e0e07 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix | |||
| @@ -16,9 +16,7 @@ let | |||
| 16 | port ${name} | 16 | port ${name} |
| 17 | chat "" | 17 | chat "" |
| 18 | protocol e | 18 | protocol e |
| 19 | ''; | 19 | command-path ${concatStringsSep " " config.services.uucp.commandPath} |
| 20 | permissions = set: name: let commands = set."${name}"; in '' | ||
| 21 | MACHINE=${name} COMMANDS=${concatStringsSep ":" commands} | ||
| 22 | ''; | 20 | ''; |
| 23 | in { | 21 | in { |
| 24 | options = { | 22 | options = { |
| @@ -50,12 +48,19 @@ in { | |||
| 50 | }; | 48 | }; |
| 51 | 49 | ||
| 52 | remoteNodes = mkOption { | 50 | remoteNodes = mkOption { |
| 53 | type = types.attrsOf (types.listOf types.str); | 51 | type = types.listOf types.str; |
| 54 | default = {}; | 52 | default = {}; |
| 55 | description = '' | 53 | description = '' |
| 56 | Ports to set up | 54 | Ports to set up |
| 57 | Names will probably need to be configured in sshConfig | 55 | Names will probably need to be configured in sshConfig |
| 58 | Values are permitted commands | 56 | ''; |
| 57 | }; | ||
| 58 | |||
| 59 | commandPath = mkOption { | ||
| 60 | type = types.listOf types.path; | ||
| 61 | default = [ "${pkgs.rmail}/bin" ]; | ||
| 62 | description = '' | ||
| 63 | Command search path for all systems | ||
| 59 | ''; | 64 | ''; |
| 60 | }; | 65 | }; |
| 61 | 66 | ||
| @@ -158,9 +163,6 @@ in { | |||
| 158 | environment.etc."uucp/sys" = { | 163 | environment.etc."uucp/sys" = { |
| 159 | text = concatStringsSep "\n" (map sysSpec (builtins.attrNames config.services.uucp.remoteNodes)); | 164 | text = concatStringsSep "\n" (map sysSpec (builtins.attrNames config.services.uucp.remoteNodes)); |
| 160 | }; | 165 | }; |
| 161 | environment.etc."uucp/Permissions" = { | ||
| 162 | text = concatStringsSep "\n" (map (permissions config.services.uucp.remoteNodes) (builtins.attrNames config.services.uucp.remoteNodes)); | ||
| 163 | }; | ||
| 164 | 166 | ||
| 165 | security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]; | 167 | security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]; |
| 166 | 168 | ||
| @@ -341,9 +341,7 @@ in rec { | |||
| 341 | services.uucp = { | 341 | services.uucp = { |
| 342 | enable = true; | 342 | enable = true; |
| 343 | nodeName = "ymir"; | 343 | nodeName = "ymir"; |
| 344 | remoteNodes = { | 344 | remoteNodes = ["isaac"]; # legacy name for odin |
| 345 | "isaac" = ["pwd" "${pkgs.rmail}/bin/rmail"]; # legacy name for odin | ||
| 346 | }; | ||
| 347 | sshUser = { | 345 | sshUser = { |
| 348 | openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' | 346 | openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' |
| 349 | ]; | 347 | ]; |