From e5f64c2baece306446c8a7e5f2ca5a40509719dc Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Mon, 24 Jul 2017 16:05:35 +0300 Subject: cli: security.setuidOwners -> security.wrappers Require nixpkgs >= 17.03 --- README.md | 2 +- modules/apps/cli.nix | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 4a5a119..245d505 100644 --- a/README.md +++ b/README.md @@ -147,7 +147,7 @@ _secure_, default value. Requirements ============ -* [nixpkgs](https://nixos.org/nixpkgs/) >= 16.09 +* [nixpkgs](https://nixos.org/nixpkgs/) >= 17.03 License diff --git a/modules/apps/cli.nix b/modules/apps/cli.nix index af60710..6db92e3 100644 --- a/modules/apps/cli.nix +++ b/modules/apps/cli.nix @@ -5,9 +5,8 @@ let inherit (builtins) toString ; inherit (lib) - concatMapStrings filterAttrs mapAttrsToList mkOption - types unique ; - inherit (types) + concatMapStrings filterAttrs mapAttrs mapAttrsToList mkOption unique ; + inherit (lib.types) attrsOf path str submodule ; explicit = filterAttrs (n: v: n != "_module" && v != null); @@ -126,14 +125,13 @@ in { config = { nixsap.system.users.daemons = unique (mapAttrsToList (_: a: a.user) apps); - security.setuidOwners = mapAttrsToList (n: a: - { program = n; + security.wrappers = mapAttrs (n: a: + { source = exec n a; owner = "root"; group = a.user; setuid = true; setgid = false; permissions = "u+rx,g+x,o="; - source = exec n a; }) apps; }; } -- cgit v1.2.3