6 files changed, 105 insertions, 100 deletions
diff --git a/custom/thermoprint b/custom/thermoprint
-Subproject e95dac748371afcad3ffddf5c98e5fcb0a8302b
+Subproject ba2e44af40746f339e1ed652ea233c739790556
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix
index 58c5237c..563335ad 100644
--- a/custom/tinc/def.nix
+++ b/custom/tinc/def.nix
@@ -6,6 +6,77 @@ let
  cfg = config.services.customTinc;
+  networkModule = {
+    extraConfig = mkOption {
+      default = ''
+        PingTimeout = 10
+      '';
+      type = types.lines;
+      description = ''
+        Extra lines to add to the tinc service configuration file.
+      '';
+    };
+    name = mkOption {
+      default = null;
+      type = types.nullOr types.str;
+      description = ''
+        The name of the node which is used as an identifier when communicating
+        with the remote nodes in the mesh. If null then the hostname of the system
+        is used.
+      '';
+    };
+    debugLevel = mkOption {
+      default = 0;
+      type = types.addCheck types.int (l: l >= 0 && l <= 5);
+      description = ''
+        The amount of debugging information to add to the log. 0 means little
+        logging while 5 is the most logging. <command>man tincd</command> for
+        more details.
+      '';
+    };
+    hosts = mkOption {
+      default = { };
+      type = types.loaOf types.lines;
+      description = ''
+        The name of the host in the network as well as the configuration for that host.
+        This name should only contain alphanumerics and underscores.
+      '';
+    };
+    interfaceType = mkOption {
+      default = "tun";
+      type = types.addCheck types.str (n: n == "tun" || n == "tap");
+      description = ''
+        The type of virtual interface used for the network connection
+      '';
+    };
+    interfaceConfig = mkOption {
+      default = { };
+      description = ''
+        Additional configuration for the generated network interface
+      '';
+    };
+    package = mkOption {
+      default = pkgs.tinc_pre;
+      description = ''
+        The package to use for the tinc daemon's binary.
+      '';
+    };
+    scripts = mkOption {
+      default = { };
+      type = types.loaOf (types.nullOr types.str);
+      description = ''
+        Hook scripts
+      '';
+    };
+  };
 in
 {
@@ -18,83 +89,11 @@ in
      networks = mkOption {
        default = { };
-        type = types.loaOf types.optionSet;
+        type = types.loaOf (types.submodule { options = networkModule; });
        description = ''
          Defines the tinc networks which will be started.
          Each network invokes a different daemon.
        '';
-        options = {
-          extraConfig = mkOption {
-            default = ''
-              PingTimeout = 10
-            '';
-            type = types.lines;
-            description = ''
-              Extra lines to add to the tinc service configuration file.
-            '';
-          };
-          name = mkOption {
-            default = null;
-            type = types.nullOr types.str;
-            description = ''
-              The name of the node which is used as an identifier when communicating
-              with the remote nodes in the mesh. If null then the hostname of the system
-              is used.
-            '';
-          };
-          debugLevel = mkOption {
-            default = 0;
-            type = types.addCheck types.int (l: l >= 0 && l <= 5);
-            description = ''
-              The amount of debugging information to add to the log. 0 means little
-              logging while 5 is the most logging. <command>man tincd</command> for
-              more details.
-            '';
-          };
-          hosts = mkOption {
-            default = { };
-            type = types.loaOf types.lines;
-            description = ''
-              The name of the host in the network as well as the configuration for that host.
-              This name should only contain alphanumerics and underscores.
-            '';
-          };
-          interfaceType = mkOption {
-            default = "tun";
-            type = types.addCheck types.str (n: n == "tun" || n == "tap");
-            description = ''
-              The type of virtual interface used for the network connection
-            '';
-          };
-          interfaceConfig = mkOption {
-            default = { };
-            description = ''
-              Additional configuration for the generated network interface
-            '';
-          };
-          package = mkOption {
-            default = pkgs.tinc_pre;
-            description = ''
-              The package to use for the tinc daemon's binary.
-            '';
-          };
-          scripts = mkOption {
-            default = { };
-            type = types.loaOf (types.nullOr types.str);
-            description = ''
-              Hook scripts
-            '';
-          };
-        };
      };
    };
diff --git a/custom/trivmix b/custom/trivmix
-Subproject 72467d55a7b6e3afcafc2cd1527da10574cf636
+Subproject 70e600346fb5875defe14d578883c9838695d53
diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix
index 3c3cded7..e9120f88 100644
--- a/custom/trivmix-service.nix
+++ b/custom/trivmix-service.nix
@@ -3,43 +3,40 @@
 , connectOut ? null
 , connectIn ? null
 , group ? null
+, initial ? null
 , trivmix
 , stdenv
 , makeWrapper
 , jack2Full
 , coreutils
+, writeScript
 }:
 let
-  genRun = if ! isNull run then run else (
+  connect = (! isNull connectOut) || (! isNull connectIn);
-    "${derivRun}/bin/run.sh"
+  connectScript = writeScript "connect" ''
-  );
+    #!${stdenv.shell}
-  derivRun = stdenv.mkDerivation {
-    name = "trivmix-run";
-    src = builtins.toFile "run.sh" ''
-      #!/bin/sh
-      ${if ! isNull connectIn then "jack_connect ${connectIn} $1" else ""}
+    PATH=${jack2Full}/bin:$PATH
-      ${if ! isNull connectOut then "jack_connect $2 ${connectOut}" else ""}
-    '';
+    ${optionalString (! isNull connectIn) "jack_connect ${connectIn} $1"}
-    unpackPhase = "cat";
+    ${optionalString (! isNull connectOut) "jack_connect $2 ${connectOut}"}
-    buildInputs = [ makeWrapper ];
+  '';
-    installPhase = ''
+  inherit (stdenv.lib) optionalString;
-      mkdir -p $out/bin
+in {
-      cp $src $out/bin/run.sh
-      chmod 755 $out/bin/run.sh
-      wrapProgram $out/bin/run.sh \
-        --prefix PATH : ${jack2Full}/bin
-    '';
-  };
-in rec {
  out = {
    wantedBy = [ "sound.target" ];
    requires = [ "jack.service" ];
    before = [ "mpd.service" ];
    serviceConfig = {
      Type = "simple";
-      ExecStart = ''${trivmix}/bin/trivmix --client ${name} --run ${genRun} /dev/shm/mix/${name}/level${if ! isNull group then " /dev/shm/mix/${group}/level" else ""}'';
+      ExecStart = ''${trivmix}/bin/trivmix --client ${name} \
+        ${optionalString connect "--run ${connectScript}"} \
+        ${optionalString (! isNull run) "--run ${run}"} \
+        ${optionalString (! isNull initial) "--level ${initial}"} \
+        /dev/shm/mix/${name}/level \
+        ${optionalString (! isNull group) "/dev/shm/mix/${group}/level"}
+      '';
      User = "jack";
      Group = "audio";
      Nice = "-10";
diff --git a/custom/trivmix.nix b/custom/trivmix.nix
deleted file mode 120000
index c2f64840..00000000
--- a/custom/trivmix.nix
+++ /dev/null
@@ -1 +0,0 @@
-trivmix/package.nix
-\ No newline at end of file
diff --git a/custom/uucp.nix b/custom/uucp.nix
index d7c2aae2..0b4b1306 100644
--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -208,7 +208,17 @@ in {
      text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);
    };
-    security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];
+    security.wrappers = let
+      wrapper = p: { name = p;
+                     value = {
+                       source = "${pkgs.uucp}/bin/${p}";
+                       owner = "root";
+                       group = "root";
+                       setuid = true;
+                       setgid = false;
+                     };
+                   };
+    in listToAttrs (map wrapper ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]);
    nixpkgs.config.packageOverrides = pkgs: with pkgs; {
      uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {
@@ -227,7 +237,7 @@ in {
                choices as appropriate.  */
             #if 1
            -#define MAIL_PROGRAM "/usr/lib/sendmail -t"
-            +#define MAIL_PROGRAM "/var/setuid-wrappers/sendmail -t"
+            +#define MAIL_PROGRAM "${config.security.wrapperDir}/sendmail -t"
             /* #define MAIL_PROGRAM "/usr/sbin/sendmail -t" */
             #define MAIL_PROGRAM_TO_BODY 1
             #define MAIL_PROGRAM_SUBJECT_BODY 1
@@ -246,7 +256,7 @@ in {
            *) from="$from@$relay";;
          esac
-          exec /var/setuid-wrappers/sendmail -i -f "$from" -- "$@"
+          exec ${config.security.wrapperDir}/sendmail -G -i -f "$from" -- "$@"
        '';
    };
@@ -254,6 +264,6 @@ in {
      uucp
    ];
-    services.cron.systemCronJobs = (map (name: "${config.services.uucp.interval} /var/setuid-wrappers/uucico -D -S ${name}") (if (config.services.uucp.interval != null) then config.services.uucp.remoteNodes else []));
+    services.cron.systemCronJobs = (map (name: "${config.services.uucp.interval} ${config.security.wrapperDir}/uucico -D -S ${name}") (if (config.services.uucp.interval != null) then config.services.uucp.remoteNodes else []));
  };
 }

diff --git a/custom/thermoprint b/custom/thermoprint
	Subproject e95dac748371afcad3ffddf5c98e5fcb0a8302b		Subproject ba2e44af40746f339e1ed652ea233c739790556


diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index 58c5237c..563335ad 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix
@@ -6,6 +6,77 @@ let
6		6
7	cfg = config.services.customTinc;	7	cfg = config.services.customTinc;
8		8
		9	networkModule = {
		10	extraConfig = mkOption {
		11	default = ''
		12	PingTimeout = 10
		13	'';
		14	type = types.lines;
		15	description = ''
		16	Extra lines to add to the tinc service configuration file.
		17	'';
		18	};
		19
		20	name = mkOption {
		21	default = null;
		22	type = types.nullOr types.str;
		23	description = ''
		24	The name of the node which is used as an identifier when communicating
		25	with the remote nodes in the mesh. If null then the hostname of the system
		26	is used.
		27	'';
		28	};
		29
		30	debugLevel = mkOption {
		31	default = 0;
		32	type = types.addCheck types.int (l: l >= 0 && l <= 5);
		33	description = ''
		34	The amount of debugging information to add to the log. 0 means little
		35	logging while 5 is the most logging. <command>man tincd</command> for
		36	more details.
		37	'';
		38	};
		39
		40	hosts = mkOption {
		41	default = { };
		42	type = types.loaOf types.lines;
		43	description = ''
		44	The name of the host in the network as well as the configuration for that host.
		45	This name should only contain alphanumerics and underscores.
		46	'';
		47	};
		48
		49	interfaceType = mkOption {
		50	default = "tun";
		51	type = types.addCheck types.str (n: n == "tun" \|\| n == "tap");
		52	description = ''
		53	The type of virtual interface used for the network connection
		54	'';
		55	};
		56
		57	interfaceConfig = mkOption {
		58	default = { };
		59	description = ''
		60	Additional configuration for the generated network interface
		61	'';
		62	};
		63
		64	package = mkOption {
		65	default = pkgs.tinc_pre;
		66	description = ''
		67	The package to use for the tinc daemon's binary.
		68	'';
		69	};
		70
		71	scripts = mkOption {
		72	default = { };
		73	type = types.loaOf (types.nullOr types.str);
		74	description = ''
		75	Hook scripts
		76	'';
		77	};
		78
		79	};
9	in	80	in
10		81
11	{	82	{
@@ -18,83 +89,11 @@ in
18		89
19	networks = mkOption {	90	networks = mkOption {
20	default = { };	91	default = { };
21	type = types.loaOf types.optionSet;	92	type = types.loaOf (types.submodule { options = networkModule; });
22	description = ''	93	description = ''
23	Defines the tinc networks which will be started.	94	Defines the tinc networks which will be started.
24	Each network invokes a different daemon.	95	Each network invokes a different daemon.
25	'';	96	'';
26	options = {
27
28	extraConfig = mkOption {
29	default = ''
30	PingTimeout = 10
31	'';
32	type = types.lines;
33	description = ''
34	Extra lines to add to the tinc service configuration file.
35	'';
36	};
37
38	name = mkOption {
39	default = null;
40	type = types.nullOr types.str;
41	description = ''
42	The name of the node which is used as an identifier when communicating
43	with the remote nodes in the mesh. If null then the hostname of the system
44	is used.
45	'';
46	};
47
48	debugLevel = mkOption {
49	default = 0;
50	type = types.addCheck types.int (l: l >= 0 && l <= 5);
51	description = ''
52	The amount of debugging information to add to the log. 0 means little
53	logging while 5 is the most logging. <command>man tincd</command> for
54	more details.
55	'';
56	};
57
58	hosts = mkOption {
59	default = { };
60	type = types.loaOf types.lines;
61	description = ''
62	The name of the host in the network as well as the configuration for that host.
63	This name should only contain alphanumerics and underscores.
64	'';
65	};
66
67	interfaceType = mkOption {
68	default = "tun";
69	type = types.addCheck types.str (n: n == "tun" \|\| n == "tap");
70	description = ''
71	The type of virtual interface used for the network connection
72	'';
73	};
74
75	interfaceConfig = mkOption {
76	default = { };
77	description = ''
78	Additional configuration for the generated network interface
79	'';
80	};
81
82	package = mkOption {
83	default = pkgs.tinc_pre;
84	description = ''
85	The package to use for the tinc daemon's binary.
86	'';
87	};
88
89	scripts = mkOption {
90	default = { };
91	type = types.loaOf (types.nullOr types.str);
92	description = ''
93	Hook scripts
94	'';
95	};
96
97	};
98	};	97	};
99	};	98	};
100		99


diff --git a/custom/trivmix b/custom/trivmix
	Subproject 72467d55a7b6e3afcafc2cd1527da10574cf636		Subproject 70e600346fb5875defe14d578883c9838695d53


diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix index 3c3cded7..e9120f88 100644 --- a/custom/trivmix-service.nix +++ b/custom/trivmix-service.nix
@@ -3,43 +3,40 @@
3	, connectOut ? null	3	, connectOut ? null
4	, connectIn ? null	4	, connectIn ? null
5	, group ? null	5	, group ? null
		6	, initial ? null
6	, trivmix	7	, trivmix
7	, stdenv	8	, stdenv
8	, makeWrapper	9	, makeWrapper
9	, jack2Full	10	, jack2Full
10	, coreutils	11	, coreutils
		12	, writeScript
11	}:	13	}:
12		14
13	let	15	let
14	genRun = if ! isNull run then run else (	16	connect = (! isNull connectOut) \|\| (! isNull connectIn);
15	"${derivRun}/bin/run.sh"	17	connectScript = writeScript "connect" ''
16	);	18	#!${stdenv.shell}
17	derivRun = stdenv.mkDerivation {
18	name = "trivmix-run";
19	src = builtins.toFile "run.sh" ''
20	#!/bin/sh
21		19
22	${if ! isNull connectIn then "jack_connect ${connectIn} $1" else ""}	20	PATH=${jack2Full}/bin:$PATH
23	${if ! isNull connectOut then "jack_connect $2 ${connectOut}" else ""}	21
24	'';	22	${optionalString (! isNull connectIn) "jack_connect ${connectIn} $1"}
25	unpackPhase = "cat";	23	${optionalString (! isNull connectOut) "jack_connect $2 ${connectOut}"}
26	buildInputs = [ makeWrapper ];	24	'';
27	installPhase = ''	25	inherit (stdenv.lib) optionalString;
28	mkdir -p $out/bin	26	in {
29	cp $src $out/bin/run.sh
30	chmod 755 $out/bin/run.sh
31	wrapProgram $out/bin/run.sh \
32	--prefix PATH : ${jack2Full}/bin
33	'';
34	};
35	in rec {
36	out = {	27	out = {
37	wantedBy = [ "sound.target" ];	28	wantedBy = [ "sound.target" ];
38	requires = [ "jack.service" ];	29	requires = [ "jack.service" ];
39	before = [ "mpd.service" ];	30	before = [ "mpd.service" ];
40	serviceConfig = {	31	serviceConfig = {
41	Type = "simple";	32	Type = "simple";
42	ExecStart = ''${trivmix}/bin/trivmix --client ${name} --run ${genRun} /dev/shm/mix/${name}/level${if ! isNull group then " /dev/shm/mix/${group}/level" else ""}'';	33	ExecStart = ''${trivmix}/bin/trivmix --client ${name} \
		34	${optionalString connect "--run ${connectScript}"} \
		35	${optionalString (! isNull run) "--run ${run}"} \
		36	${optionalString (! isNull initial) "--level ${initial}"} \
		37	/dev/shm/mix/${name}/level \
		38	${optionalString (! isNull group) "/dev/shm/mix/${group}/level"}
		39	'';
43	User = "jack";	40	User = "jack";
44	Group = "audio";	41	Group = "audio";
45	Nice = "-10";	42	Nice = "-10";


diff --git a/custom/trivmix.nix b/custom/trivmix.nix deleted file mode 120000 index c2f64840..00000000 --- a/custom/trivmix.nix +++ /dev/null
@@ -1 +0,0 @@
1	trivmix/package.nix \ No newline at end of file


diff --git a/custom/uucp.nix b/custom/uucp.nix index d7c2aae2..0b4b1306 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix
@@ -208,7 +208,17 @@ in {
208	text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);	208	text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);
209	};	209	};
210		210
211	security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];	211	security.wrappers = let
		212	wrapper = p: { name = p;
		213	value = {
		214	source = "${pkgs.uucp}/bin/${p}";
		215	owner = "root";
		216	group = "root";
		217	setuid = true;
		218	setgid = false;
		219	};
		220	};
		221	in listToAttrs (map wrapper ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]);
212		222
213	nixpkgs.config.packageOverrides = pkgs: with pkgs; {	223	nixpkgs.config.packageOverrides = pkgs: with pkgs; {
214	uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {	224	uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {
@@ -227,7 +237,7 @@ in {
227	choices as appropriate. */	237	choices as appropriate. */
228	#if 1	238	#if 1
229	-#define MAIL_PROGRAM "/usr/lib/sendmail -t"	239	-#define MAIL_PROGRAM "/usr/lib/sendmail -t"
230	+#define MAIL_PROGRAM "/var/setuid-wrappers/sendmail -t"	240	+#define MAIL_PROGRAM "${config.security.wrapperDir}/sendmail -t"
231	/* #define MAIL_PROGRAM "/usr/sbin/sendmail -t" */	241	/* #define MAIL_PROGRAM "/usr/sbin/sendmail -t" */
232	#define MAIL_PROGRAM_TO_BODY 1	242	#define MAIL_PROGRAM_TO_BODY 1
233	#define MAIL_PROGRAM_SUBJECT_BODY 1	243	#define MAIL_PROGRAM_SUBJECT_BODY 1
@@ -246,7 +256,7 @@ in {
246	*) from="$from@$relay";;	256	*) from="$from@$relay";;
247	esac	257	esac
248		258
249	exec /var/setuid-wrappers/sendmail -i -f "$from" -- "$@"	259	exec ${config.security.wrapperDir}/sendmail -G -i -f "$from" -- "$@"
250	'';	260	'';
251	};	261	};
252		262
@@ -254,6 +264,6 @@ in {
254	uucp	264	uucp
255	];	265	];
256		266
257	services.cron.systemCronJobs = (map (name: "${config.services.uucp.interval} /var/setuid-wrappers/uucico -D -S ${name}") (if (config.services.uucp.interval != null) then config.services.uucp.remoteNodes else []));	267	services.cron.systemCronJobs = (map (name: "${config.services.uucp.interval} ${config.security.wrapperDir}/uucico -D -S ${name}") (if (config.services.uucp.interval != null) then config.services.uucp.remoteNodes else []));
258	};	268	};
259	}	269	}