From 681d4e7a94a1d41e6de09a499a7272927129094e Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 27 Apr 2016 13:20:36 +0200
Subject: machine permissions
---
 custom/uucp.nix | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
(limited to 'custom')
diff --git a/custom/uucp.nix b/custom/uucp.nix
index 8490ca4f..afaf8508 100644
--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -17,6 +17,9 @@ let
 chat ""
 protocol e
 '';
+ permissions = set: name: let commands = set."${name}"; in ''
+ MACHINE=${name} COMMANDS=${concatStringsSep ":" commands}
+ '';
 in {
 options = {
 services.uucp = {
@@ -47,9 +50,13 @@ in {
 };

 remoteNodes = mkOption {
- type = types.listOf types.str;
- default = [];
- description = "List of ports to set up. You will probably need to configure these in sshConfig";
+ type = types.attrsOf (types.listOf str);
+ default = {};
+ description = ''
+ Ports to set up
+ Names will probably need to be configured in sshConfig
+ Values are permitted commands
+ '';
 };

 spoolDir = mkOption {
@@ -146,10 +153,13 @@ in {
 port ssh
 type stdin
 protocol e
- '' + concatStringsSep "\n" (map portSpec config.services.uucp.remoteNodes);
+ '' + concatStringsSep "\n" (map portSpec (builtins.attrNames config.services.uucp.remoteNodes));
 };
 environment.etc."uucp/sys" = {
- text = concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);
+ text = concatStringsSep "\n" (map sysSpec (builtins.attrNames config.services.uucp.remoteNodes));
+ };
+ environment.etc."uucp/Permissions" = {
+ text = concatStringsSep "\n" (map (permissions config.services.uucp.remoteNodes) (builtins.attrNames config.services.uucp.remoteNodes));
 };

 security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];
-- cgit v1.2.3
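Review bot: The new `permissions` helper interpolates `name` and every entry of `commands` into the `MACHINE=… COMMANDS=…` line without checking them, so a value containing whitespace, `:`, `=` or a newline changes which entries the generated file holds. An empty list also renders as a bare `COMMANDS=`, and how the daemon treats that is not visible from this hunk; because this list is what limits remote execution, it should fail closed. Reject such values at evaluation time (an `assert` on the list before the string is built), and add a comment above the helper, for example `# Renders one Permissions entry: the commands the named remote machine may request`. The enclosing `let` starts outside the hunk.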
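Review bot: `types.listOf str` in the new `type` line uses `str` unqualified, while the removed line wrote `types.str`; unless the top of the file (not visible here) brings the members of `types` into scope, evaluation fails with an undefined variable. Write `type = types.attrsOf (types.listOf types.str);`. The new description should also say whether the values are bare command names or absolute paths, since that decides what a remote node is allowed to run.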
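Review bot: Nothing in this hunk shows that the generated `uucp/Permissions` is actually read: the neighbouring `port` and `sys` files use Taylor-style directives (`port ssh`, `type stdin`, `protocol e`), whereas `MACHINE=`/`COMMANDS=` is the HoneyDanBer format, which Taylor UUCP consults only when built with HDB configuration support. If the file is ignored, the per-node command restriction is silently not enforced, and the unchanged `security.setuidOwners` line installs `uuxqt` setuid root. Consider also emitting the restriction in the `sys` entry, e.g. `commands ${concatStringsSep " " config.services.uucp.remoteNodes."${name}"}` inside `sysSpec` (defined outside this hunk). As a style point, bind `builtins.attrNames config.services.uucp.remoteNodes` once instead of repeating it three times.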