diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-27 13:49:31 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-27 13:49:31 +0200 |
commit | 30c0f61766d2e04a8e1389c677468aa76b3cb446 (patch) | |
tree | 13e30a55c0c364d23f87099af5bf838c0bcc52b4 | |
parent | 22e40999c03f84365636ff65c5f3316512042910 (diff) | |
download | nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.tar nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.tar.gz nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.tar.bz2 nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.tar.xz nixos-30c0f61766d2e04a8e1389c677468aa76b3cb446.zip |
command-path
-rw-r--r-- | custom/uucp.nix | 18 | ||||
-rw-r--r-- | ymir.nix | 4 |
2 files changed, 11 insertions, 11 deletions
diff --git a/custom/uucp.nix b/custom/uucp.nix index ef10c3ca..458e0e07 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix | |||
@@ -16,9 +16,7 @@ let | |||
16 | port ${name} | 16 | port ${name} |
17 | chat "" | 17 | chat "" |
18 | protocol e | 18 | protocol e |
19 | ''; | 19 | command-path ${concatStringsSep " " config.services.uucp.commandPath} |
20 | permissions = set: name: let commands = set."${name}"; in '' | ||
21 | MACHINE=${name} COMMANDS=${concatStringsSep ":" commands} | ||
22 | ''; | 20 | ''; |
23 | in { | 21 | in { |
24 | options = { | 22 | options = { |
@@ -50,12 +48,19 @@ in { | |||
50 | }; | 48 | }; |
51 | 49 | ||
52 | remoteNodes = mkOption { | 50 | remoteNodes = mkOption { |
53 | type = types.attrsOf (types.listOf types.str); | 51 | type = types.listOf types.str; |
54 | default = {}; | 52 | default = {}; |
55 | description = '' | 53 | description = '' |
56 | Ports to set up | 54 | Ports to set up |
57 | Names will probably need to be configured in sshConfig | 55 | Names will probably need to be configured in sshConfig |
58 | Values are permitted commands | 56 | ''; |
57 | }; | ||
58 | |||
59 | commandPath = mkOption { | ||
60 | type = types.listOf types.path; | ||
61 | default = [ "${pkgs.rmail}/bin" ]; | ||
62 | description = '' | ||
63 | Command search path for all systems | ||
59 | ''; | 64 | ''; |
60 | }; | 65 | }; |
61 | 66 | ||
@@ -158,9 +163,6 @@ in { | |||
158 | environment.etc."uucp/sys" = { | 163 | environment.etc."uucp/sys" = { |
159 | text = concatStringsSep "\n" (map sysSpec (builtins.attrNames config.services.uucp.remoteNodes)); | 164 | text = concatStringsSep "\n" (map sysSpec (builtins.attrNames config.services.uucp.remoteNodes)); |
160 | }; | 165 | }; |
161 | environment.etc."uucp/Permissions" = { | ||
162 | text = concatStringsSep "\n" (map (permissions config.services.uucp.remoteNodes) (builtins.attrNames config.services.uucp.remoteNodes)); | ||
163 | }; | ||
164 | 166 | ||
165 | security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]; | 167 | security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]; |
166 | 168 | ||
@@ -341,9 +341,7 @@ in rec { | |||
341 | services.uucp = { | 341 | services.uucp = { |
342 | enable = true; | 342 | enable = true; |
343 | nodeName = "ymir"; | 343 | nodeName = "ymir"; |
344 | remoteNodes = { | 344 | remoteNodes = ["isaac"]; # legacy name for odin |
345 | "isaac" = ["pwd" "${pkgs.rmail}/bin/rmail"]; # legacy name for odin | ||
346 | }; | ||
347 | sshUser = { | 345 | sshUser = { |
348 | openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' | 346 | openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' |
349 | ]; | 347 | ]; |