2 files changed, 14 insertions, 13 deletions
diff --git a/custom/uucp.nix b/custom/uucp.nix
index b5e5a0aa..2fbba8f9 100644
--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -208,7 +208,7 @@ in {
      text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);
    };
-    security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];
+    security.wrappers = listToAttrs (map (p: {source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]);
    nixpkgs.config.packageOverrides = pkgs: with pkgs; {
      uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {
diff --git a/hel.nix b/hel.nix
index 3eb83309..5d9de1b8 100644
--- a/hel.nix
+++ b/hel.nix
@@ -45,7 +45,6 @@
    git
    slock
    shadow
-    (callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })
    (callPackage ./utils/nix/rebuild-system.nix {})
    rewacom
  ];
@@ -350,17 +349,19 @@
      %wheel ALL=(ALL) NOPASSWD: SYSCTRL
    '';
-    setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"];
+    security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock";
+                          "mount".source = "${pkgs.utillinux.bin}/bin/mount";
-    setuidOwners = [ { group = "users";
+                          "umount".source = "${pkgs.utillinux.bin}/bin/umount";
-                       owner = "gkleen";
+                          "newgrp".source = "${pkgs.shadow}/bin/newgrp";
-                       permissions = "u+rx,g+x,o+x";
+                          "thinklight".source =
-                       program = "notify-gkleen";
+                            "${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight";
-                       setgid = true;
+                          "notify-gkleen" = {
-                       setuid = true;
+                            group = "users";
-                       source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+                            owner = "gkleen";
-                     }
+                            setgid = true;
-                   ];
+                            setuid = true;
+                            source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+                        };
    polkit = {
      enable = true;

diff --git a/custom/uucp.nix b/custom/uucp.nix index b5e5a0aa..2fbba8f9 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix
@@ -208,7 +208,7 @@ in {
208	text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);	208	text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);
209	};	209	};
210		210
211	security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];	211	security.wrappers = listToAttrs (map (p: {source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]);
212		212
213	nixpkgs.config.packageOverrides = pkgs: with pkgs; {	213	nixpkgs.config.packageOverrides = pkgs: with pkgs; {
214	uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {	214	uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {


diff --git a/hel.nix b/hel.nix index 3eb83309..5d9de1b8 100644 --- a/hel.nix +++ b/hel.nix
@@ -45,7 +45,6 @@
45	git	45	git
46	slock	46	slock
47	shadow	47	shadow
48	(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })
49	(callPackage ./utils/nix/rebuild-system.nix {})	48	(callPackage ./utils/nix/rebuild-system.nix {})
50	rewacom	49	rewacom
51	];	50	];
@@ -350,17 +349,19 @@
350	%wheel ALL=(ALL) NOPASSWD: SYSCTRL	349	%wheel ALL=(ALL) NOPASSWD: SYSCTRL
351	'';	350	'';
352		351
353	setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"];	352	security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock";
354		353	"mount".source = "${pkgs.utillinux.bin}/bin/mount";
355	setuidOwners = [ { group = "users";	354	"umount".source = "${pkgs.utillinux.bin}/bin/umount";
356	owner = "gkleen";	355	"newgrp".source = "${pkgs.shadow}/bin/newgrp";
357	permissions = "u+rx,g+x,o+x";	356	"thinklight".source =
358	program = "notify-gkleen";	357	"${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight";
359	setgid = true;	358	"notify-gkleen" = {
360	setuid = true;	359	group = "users";
361	source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';	360	owner = "gkleen";
362	}	361	setgid = true;
363	];	362	setuid = true;
		363	source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
		364	};
364		365
365	polkit = {	366	polkit = {
366	enable = true;	367	enable = true;