From 65924ba6e9a34aac5d5ab51db4cfb43d08825269 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 20 Feb 2017 01:45:04 +0100
Subject: Bump setuid wrappers
---
 custom/uucp.nix | 2 +-
 hel.nix | 25 +++++++++++++------------
 2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/custom/uucp.nix b/custom/uucp.nix
index b5e5a0aa..2fbba8f9 100644
--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -208,7 +208,7 @@ in {
 text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);
 };
- security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];
+ security.wrappers = listToAttrs (map (p: {source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]);
 nixpkgs.config.packageOverrides = pkgs: with pkgs; {
 uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {
diff --git a/hel.nix b/hel.nix
index 3eb83309..5d9de1b8 100644
--- a/hel.nix
+++ b/hel.nix
@@ -45,7 +45,6 @@
 git
 slock
 shadow
- (callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })
 (callPackage ./utils/nix/rebuild-system.nix {})
 rewacom
 ];
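Review bot: In custom/uucp.nix, `listToAttrs` takes a list of `{ name = …; value = …; }` pairs, but the lambda on the new `security.wrappers` line returns the wrapper attrset itself, so evaluation should fail for lack of a `name` attribute. Wrap each element instead, e.g. `map (p: { name = p; value = { source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false; }; })`. Separately, all seven binaries, including the interactive `cu`, remain setuid root; if the package can run under a dedicated `uucp` account, owning the wrappers by that user would limit what a bug in any one of them exposes.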
@@ -350,17 +349,19 @@
 %wheel ALL=(ALL) NOPASSWD: SYSCTRL
 '';
- setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"];
-
- setuidOwners = [ { group = "users";
- owner = "gkleen";
- permissions = "u+rx,g+x,o+x";
- program = "notify-gkleen";
- setgid = true;
- setuid = true;
- source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
- }
- ];
+ security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock";
+ "mount".source = "${pkgs.utillinux.bin}/bin/mount";
+ "umount".source = "${pkgs.utillinux.bin}/bin/umount";
+ "newgrp".source = "${pkgs.shadow}/bin/newgrp";
+ "thinklight".source =
+ "${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight";
+ "notify-gkleen" = {
+ group = "users";
+ owner = "gkleen";
+ setgid = true;
+ setuid = true;
+ source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+ };
 polkit = {
 enable = true;
-- 
cgit v1.2.3
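Review bot: The attrset opened by `security.wrappers = {` in hel.nix is never closed: the added lines open two braces (`security.wrappers = {` and `"notify-gkleen" = {`) but contain only one `};`, so `polkit = {` either lands inside the wrappers set or the file fails to parse; add a `};` after the `notify-gkleen` entry. The enclosing block starts outside the hunk, but the old bare `setuidPrograms` and the sibling `polkit` suggest it is already `security = { … }`, in which case the key should be plain `wrappers = {`. `callPackage` in the `thinklight` entry is unqualified while the neighbouring entry uses `pkgs.callPackage`, so it is probably not in scope here and should read `pkgs.callPackage`. `mount.nfs` also drops out of the setuid set without mention, and the entries that give only `.source` rely on the module's default owner and setuid bit; writing `owner = "root"; setuid = true;` on them would keep the granted privilege visible in review.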