authorGregor Kleen <gkleen@yggdrasil.li>2016-04-27 13:49:31 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2016-04-27 13:49:31 +0200
commit30c0f61766d2e04a8e1389c677468aa76b3cb446 (patch)
tree13e30a55c0c364d23f87099af5bf838c0bcc52b4
parent22e40999c03f84365636ff65c5f3316512042910 (diff)
command-path
-rw-r--r--custom/uucp.nix18
-rw-r--r--ymir.nix4
2 files changed, 11 insertions, 11 deletions
diff --git a/custom/uucp.nix b/custom/uucp.nix
index ef10c3ca..458e0e07 100644
--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -16,9 +16,7 @@ let
16 port ${name} 16 port ${name}
17 chat "" 17 chat ""
18 protocol e 18 protocol e
19 ''; 19 command-path ${concatStringsSep " " config.services.uucp.commandPath}
20 permissions = set: name: let commands = set."${name}"; in ''
21 MACHINE=${name} COMMANDS=${concatStringsSep ":" commands}
22 ''; 20 '';
23in { 21in {
24 options = { 22 options = {
@@ -50,12 +48,19 @@ in {
50 }; 48 };
51 49
52 remoteNodes = mkOption { 50 remoteNodes = mkOption {
53 type = types.attrsOf (types.listOf types.str); 51 type = types.listOf types.str;
54 default = {}; 52 default = {};
55 description = '' 53 description = ''
56 Ports to set up 54 Ports to set up
57 Names will probably need to be configured in sshConfig 55 Names will probably need to be configured in sshConfig
58 Values are permitted commands 56 '';
57 };
58
59 commandPath = mkOption {
60 type = types.listOf types.path;
61 default = [ "${pkgs.rmail}/bin" ];
62 description = ''
63 Command search path for all systems
59 ''; 64 '';
60 }; 65 };
61 66
@@ -158,9 +163,6 @@ in {
158 environment.etc."uucp/sys" = { 163 environment.etc."uucp/sys" = {
159 text = concatStringsSep "\n" (map sysSpec (builtins.attrNames config.services.uucp.remoteNodes)); 164 text = concatStringsSep "\n" (map sysSpec (builtins.attrNames config.services.uucp.remoteNodes));
160 }; 165 };
161 environment.etc."uucp/Permissions" = {
162 text = concatStringsSep "\n" (map (permissions config.services.uucp.remoteNodes) (builtins.attrNames config.services.uucp.remoteNodes));
163 };
164 166
165 security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]; 167 security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];
166 168
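Review bot: `remoteNodes` is now declared as `types.listOf types.str`, but the option keeps `default = {};` and the unchanged `environment.etc."uucp/sys"` line in the last hunk still calls `builtins.attrNames config.services.uucp.remoteNodes`, which expects an attribute set and should fail to evaluate on a list such as the `["isaac"]` set in ymir.nix. The default should become `default = [];` and the sys text `map sysSpec config.services.uucp.remoteNodes`; any other use of `remoteNodes` outside the visible hunks needs the same check. Separately, dropping the Permissions file removes the per-node command allow-list, and the new `sysSpec` only sets `command-path`, so what a remote system may execute is left to uucp's built-in default; an explicit `commands rmail` line next to `command-path` would keep that restriction visible in the generated config. The `let` block that holds `sysSpec` starts outside the first hunk.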
diff --git a/ymir.nix b/ymir.nix
index 26980944..755d0a2c 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -341,9 +341,7 @@ in rec {
341 services.uucp = { 341 services.uucp = {
342 enable = true; 342 enable = true;
343 nodeName = "ymir"; 343 nodeName = "ymir";
344 remoteNodes = { 344 remoteNodes = ["isaac"]; # legacy name for odin
345 "isaac" = ["pwd" "${pkgs.rmail}/bin/rmail"]; # legacy name for odin
346 };
347 sshUser = { 345 sshUser = {
348 openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' 346 openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin''
349 ]; 347 ];