krebs.setuid: make wrapperDir configurable
This commit is contained in:
parent
bbbd3d6cd8
commit
315dcf3cbf
@ -9,8 +9,6 @@ with import <stockholm/lib>;
|
|||||||
api = mkOption {
|
api = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
type = let
|
type = let
|
||||||
# TODO make wrapperDir configurable
|
|
||||||
inherit (config.security) wrapperDir;
|
|
||||||
inherit (config.users) groups users;
|
inherit (config.users) groups users;
|
||||||
in types.attrsOf (types.submodule (self: let cfg = self.config; in {
|
in types.attrsOf (types.submodule (self: let cfg = self.config; in {
|
||||||
options = {
|
options = {
|
||||||
@ -49,6 +47,10 @@ with import <stockholm/lib>;
|
|||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
wrapperDir = mkOption {
|
||||||
|
default = config.security.wrapperDir;
|
||||||
|
type = types.absolute-pathname;
|
||||||
|
};
|
||||||
activate = mkOption {
|
activate = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
visible = false;
|
visible = false;
|
||||||
@ -59,8 +61,9 @@ with import <stockholm/lib>;
|
|||||||
src = pkgs.exec cfg.name {
|
src = pkgs.exec cfg.name {
|
||||||
inherit (cfg) envp filename;
|
inherit (cfg) envp filename;
|
||||||
};
|
};
|
||||||
dst = "${wrapperDir}/${cfg.name}";
|
dst = "${cfg.wrapperDir}/${cfg.name}";
|
||||||
in ''
|
in ''
|
||||||
|
mkdir -p ${cfg.wrapperDir}
|
||||||
cp ${src} ${dst}
|
cp ${src} ${dst}
|
||||||
chown ${cfg.owner}.${cfg.group} ${dst}
|
chown ${cfg.owner}.${cfg.group} ${dst}
|
||||||
chmod ${cfg.mode} ${dst}
|
chmod ${cfg.mode} ${dst}
|
||||||
|
Loading…
Reference in New Issue
Block a user