Bump setuid wrappers

author: Gregor Kleen <gkleen@yggdrasil.li> 2017-02-20 01:45:04 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2017-02-20 01:45:04 +0100
commit: 65924ba6e9a34aac5d5ab51db4cfb43d08825269 (patch)
tree: 414d4775178c6b56ed5809c26e8215db43a4a855 /hel.nix
parent: dbb20f11069af3c302de02f122dd3f54535068a4 (diff)
download: nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.tar
nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.tar.gz
nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.tar.bz2
nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.tar.xz
nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.zip
1 files changed, 13 insertions, 12 deletions
diff --git a/hel.nix b/hel.nix
index 3eb83309..5d9de1b8 100644
--- a/hel.nix
+++ b/hel.nix
@@ -45,7 +45,6 @@
    git
    slock
    shadow
-    (callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })
    (callPackage ./utils/nix/rebuild-system.nix {})
    rewacom
  ];
@@ -350,17 +349,19 @@
      %wheel ALL=(ALL) NOPASSWD: SYSCTRL
    '';
-    setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"];
+    security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock";
+                          "mount".source = "${pkgs.utillinux.bin}/bin/mount";
-    setuidOwners = [ { group = "users";
+                          "umount".source = "${pkgs.utillinux.bin}/bin/umount";
-                       owner = "gkleen";
+                          "newgrp".source = "${pkgs.shadow}/bin/newgrp";
-                       permissions = "u+rx,g+x,o+x";
+                          "thinklight".source =
-                       program = "notify-gkleen";
+                            "${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight";
-                       setgid = true;
+                          "notify-gkleen" = {
-                       setuid = true;
+                            group = "users";
-                       source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+                            owner = "gkleen";
-                     }
+                            setgid = true;
-                   ];
+                            setuid = true;
+                            source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+                        };
    polkit = {
      enable = true;
author	Gregor Kleen <gkleen@yggdrasil.li>	2017-02-20 01:45:04 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2017-02-20 01:45:04 +0100
commit	65924ba6e9a34aac5d5ab51db4cfb43d08825269 (patch)
tree	414d4775178c6b56ed5809c26e8215db43a4a855 /hel.nix
parent	dbb20f11069af3c302de02f122dd3f54535068a4 (diff)
download	nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.tar nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.tar.gz nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.tar.bz2 nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.tar.xz nixos-65924ba6e9a34aac5d5ab51db4cfb43d08825269.zip

diff --git a/hel.nix b/hel.nix index 3eb83309..5d9de1b8 100644 --- a/hel.nix +++ b/hel.nix
@@ -45,7 +45,6 @@
45	git	45	git
46	slock	46	slock
47	shadow	47	shadow
48	(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })
49	(callPackage ./utils/nix/rebuild-system.nix {})	48	(callPackage ./utils/nix/rebuild-system.nix {})
50	rewacom	49	rewacom
51	];	50	];
@@ -350,17 +349,19 @@
350	%wheel ALL=(ALL) NOPASSWD: SYSCTRL	349	%wheel ALL=(ALL) NOPASSWD: SYSCTRL
351	'';	350	'';
352		351
353	setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"];	352	security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock";
354		353	"mount".source = "${pkgs.utillinux.bin}/bin/mount";
355	setuidOwners = [ { group = "users";	354	"umount".source = "${pkgs.utillinux.bin}/bin/umount";
356	owner = "gkleen";	355	"newgrp".source = "${pkgs.shadow}/bin/newgrp";
357	permissions = "u+rx,g+x,o+x";	356	"thinklight".source =
358	program = "notify-gkleen";	357	"${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight";
359	setgid = true;	358	"notify-gkleen" = {
360	setuid = true;	359	group = "users";
361	source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';	360	owner = "gkleen";
362	}	361	setgid = true;
363	];	362	setuid = true;
		363	source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
		364	};
364		365
365	polkit = {	366	polkit = {
366	enable = true;	367	enable = true;