From 2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 20 Feb 2017 22:39:19 +0100
Subject: Fix setuid-wrappers path
---
 hel.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'hel.nix')
diff --git a/hel.nix b/hel.nix
index 4e528bba..a7b34fe4 100644
--- a/hel.nix
+++ b/hel.nix
@@ -176,8 +176,8 @@
 nodeName = "hel";
 remoteNodes = ["isaac" "ymir"]; # legacy name for odin
 sshUser = {
- openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir''
- ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${pkgs.writeScript "odin.sh" "#!${pkgs.stdenv.shell}\necho .\nexec -a uucico /var/setuid-wrappers/uucico\n"}" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin''
+ openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir''
+ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${pkgs.writeScript "odin.sh" "#!${pkgs.stdenv.shell}\necho .\nexec -a uucico ${config.security.wrapperDir}/uucico\n"}" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin''
 ];
 };
 sshConfig = ''
@@ -188,7 +188,7 @@
 Hostname ymir.niflheim.yggdrasil
 IdentityFile ~/.ssh/ymir
 '';
- commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" "/var/setuid-wrappers/" ];
+ commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" config.security.wrapperDir ];
 defaultCommands = [];
 commands = {
 "isaac" = ["recv-media" "notify-gkleen"];
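Review bot: In the first hunk (`sshUser`), both rewritten `authorizedKeys` entries still list only `no-port-forwarding,no-X11-forwarding,no-agent-forwarding` and leave out `no-pty` and `no-user-rc`, so a client holding either key can still request a PTY and any `~/.ssh/rc` of the account is still run before the forced `uucico` command. Since these lines are being rewritten anyway, I would start each entry with `restrict,command="..."` (OpenSSH 7.2 or later), which switches off all forwarding, PTY allocation and rc execution, including restrictions added in later releases. The module that consumes `sshUser` is not visible in this hunk, so this assumes the strings reach `authorized_keys` unchanged.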
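Review bot: In the second hunk, `commandPath` takes `config.security.wrapperDir` as a whole, which puts every setuid wrapper installed on this host on the search path for commands requested by remote nodes, not just the UUCP ones and `notify-gkleen`. From the visible lines, the only things limiting that are the empty `defaultCommands` and the per-node `commands` list, so a comment above the line would help the next editor: `# wrapperDir holds all setuid wrappers; remote nodes may run only what 'commands' names`. The enclosing attribute set starts and ends outside the hunk, and how the module uses `commandPath` is inferred from the option names.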
@@ -209,7 +209,7 @@
 relayHost = "uucp:ymir";
 recipientDelimiter = "+";
 extraMasterConf = ''
- uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a $sender - $nexthop!rmail ($recipient)
+ uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)
 sshsendmail unix - n n - - pipe flags=Fq user=postfix_ssh argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient
 '';
 transport = ''
@@ -361,7 +361,7 @@
 setgid = true;
 setuid = true;
 permissions = "u+rx,g+x,o+x";
- source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+ source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; inherit (config.security) wrapperDir}}/bin/notify-gkleen'';
 };
 };
-- 
cgit v1.2.3
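Review bot: The new `source` line in the last hunk does not parse: the added `inherit (config.security) wrapperDir` is not terminated before the closing brace, and Nix requires a `;` after every binding, `inherit` included. It should read `{ inherit (pkgs.haskellPackages) ghcWithPackages; inherit (config.security) wrapperDir; }`. Separately, this wrapper is both `setuid` and `setgid` with `o+x`, so it runs with elevated ids for any local user and, per the `commands` list in an earlier hunk, on request from node `isaac`. Its owner and group are set above the hunk, and what `notify-user.nix` does with `wrapperDir` is not visible here; both deserve a second look.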