Fix setuid-wrappers path

author: Gregor Kleen <gkleen@yggdrasil.li> 2017-02-20 22:39:19 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2017-02-20 22:39:19 +0100
commit: 2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f (patch)
tree: 2c09a1bedae80ea2535ff034b6c5a4d64899f34b /hel.nix
parent: 74910038136583c57eb7bda7ae00485f226f76e1 (diff)
download: nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.tar
nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.tar.gz
nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.tar.bz2
nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.tar.xz
nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/hel.nix b/hel.nix
index 4e528bba..a7b34fe4 100644
--- a/hel.nix
+++ b/hel.nix
@@ -176,8 +176,8 @@
      nodeName = "hel";
      remoteNodes = ["isaac" "ymir"]; # legacy name for odin
      sshUser = {
-        openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir''
+        openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir''
-                                        ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${pkgs.writeScript "odin.sh" "#!${pkgs.stdenv.shell}\necho .\nexec -a uucico /var/setuid-wrappers/uucico\n"}" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin''
+                                        ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${pkgs.writeScript "odin.sh" "#!${pkgs.stdenv.shell}\necho .\nexec -a uucico ${config.security.wrapperDir}/uucico\n"}" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin''
                                      ];
      };
      sshConfig = ''
@@ -188,7 +188,7 @@
          Hostname ymir.niflheim.yggdrasil
          IdentityFile ~/.ssh/ymir
      '';
-      commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" "/var/setuid-wrappers/" ];
+      commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" config.security.wrapperDir ];
      defaultCommands = [];
      commands = {
        "isaac" = ["recv-media" "notify-gkleen"];
@@ -209,7 +209,7 @@
      relayHost = "uucp:ymir";
      recipientDelimiter = "+";
      extraMasterConf = ''
-        uucp        unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a $sender - $nexthop!rmail ($recipient)
+        uucp        unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)
        sshsendmail unix - n n - - pipe flags=Fq user=postfix_ssh argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient
      '';
      transport = ''
@@ -361,7 +361,7 @@
                   setgid = true;
                   setuid = true;
                   permissions = "u+rx,g+x,o+x";
-                   source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+                   source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; inherit (config.security) wrapperDir}}/bin/notify-gkleen'';
                 };
               };
author	Gregor Kleen <gkleen@yggdrasil.li>	2017-02-20 22:39:19 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2017-02-20 22:39:19 +0100
commit	2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f (patch)
tree	2c09a1bedae80ea2535ff034b6c5a4d64899f34b /hel.nix
parent	74910038136583c57eb7bda7ae00485f226f76e1 (diff)
download	nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.tar nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.tar.gz nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.tar.bz2 nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.tar.xz nixos-2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f.zip

diff --git a/hel.nix b/hel.nix index 4e528bba..a7b34fe4 100644 --- a/hel.nix +++ b/hel.nix
@@ -176,8 +176,8 @@
176	nodeName = "hel";	176	nodeName = "hel";
177	remoteNodes = ["isaac" "ymir"]; # legacy name for odin	177	remoteNodes = ["isaac" "ymir"]; # legacy name for odin
178	sshUser = {	178	sshUser = {
179	openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir''	179	openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir''
180	''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${pkgs.writeScript "odin.sh" "#!${pkgs.stdenv.shell}\necho .\nexec -a uucico /var/setuid-wrappers/uucico\n"}" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin''	180	''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${pkgs.writeScript "odin.sh" "#!${pkgs.stdenv.shell}\necho .\nexec -a uucico ${config.security.wrapperDir}/uucico\n"}" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin''
181	];	181	];
182	};	182	};
183	sshConfig = ''	183	sshConfig = ''
@@ -188,7 +188,7 @@
188	Hostname ymir.niflheim.yggdrasil	188	Hostname ymir.niflheim.yggdrasil
189	IdentityFile ~/.ssh/ymir	189	IdentityFile ~/.ssh/ymir
190	'';	190	'';
191	commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" "/var/setuid-wrappers/" ];	191	commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" config.security.wrapperDir ];
192	defaultCommands = [];	192	defaultCommands = [];
193	commands = {	193	commands = {
194	"isaac" = ["recv-media" "notify-gkleen"];	194	"isaac" = ["recv-media" "notify-gkleen"];
@@ -209,7 +209,7 @@
209	relayHost = "uucp:ymir";	209	relayHost = "uucp:ymir";
210	recipientDelimiter = "+";	210	recipientDelimiter = "+";
211	extraMasterConf = ''	211	extraMasterConf = ''
212	uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a $sender - $nexthop!rmail ($recipient)	212	uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)
213	sshsendmail unix - n n - - pipe flags=Fq user=postfix_ssh argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient	213	sshsendmail unix - n n - - pipe flags=Fq user=postfix_ssh argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient
214	'';	214	'';
215	transport = ''	215	transport = ''
@@ -361,7 +361,7 @@
361	setgid = true;	361	setgid = true;
362	setuid = true;	362	setuid = true;
363	permissions = "u+rx,g+x,o+x";	363	permissions = "u+rx,g+x,o+x";
364	source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';	364	source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; inherit (config.security) wrapperDir}}/bin/notify-gkleen'';
365	};	365	};
366	};	366	};
367		367