aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md2
-rw-r--r--modules/apps/cli.nix10
2 files changed, 5 insertions, 7 deletions
diff --git a/README.md b/README.md
index 4a5a119..245d505 100644
--- a/README.md
+++ b/README.md
@@ -147,7 +147,7 @@ _secure_, default value.
Requirements
============
-* [nixpkgs](https://nixos.org/nixpkgs/) >= 16.09
+* [nixpkgs](https://nixos.org/nixpkgs/) >= 17.03
License
diff --git a/modules/apps/cli.nix b/modules/apps/cli.nix
index af60710..6db92e3 100644
--- a/modules/apps/cli.nix
+++ b/modules/apps/cli.nix
@@ -5,9 +5,8 @@ let
inherit (builtins)
toString ;
inherit (lib)
- concatMapStrings filterAttrs mapAttrsToList mkOption
- types unique ;
- inherit (types)
+ concatMapStrings filterAttrs mapAttrs mapAttrsToList mkOption unique ;
+ inherit (lib.types)
attrsOf path str submodule ;
explicit = filterAttrs (n: v: n != "_module" && v != null);
@@ -126,14 +125,13 @@ in {
config = {
nixsap.system.users.daemons = unique (mapAttrsToList (_: a: a.user) apps);
- security.setuidOwners = mapAttrsToList (n: a:
- { program = n;
+ security.wrappers = mapAttrs (n: a:
+ { source = exec n a;
owner = "root";
group = a.user;
setuid = true;
setgid = false;
permissions = "u+rx,g+x,o=";
- source = exec n a;
}) apps;
};
}