setuid: properly adapt module to work with 23.11

2023-12-06 22:30:12 +01:00 · 2023-12-06 22:30:12 +01:00 · adcb10a4e3
commit adcb10a4e3
parent 31f86bf819
1 changed files with 19 additions and 7 deletions
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@ -80,13 +80,25 @@ let
  };

  imp = {
-    system.activationScripts."krebs.setuid" = stringAfter [ "usrbinenv" ]
-      (concatMapStringsSep "\n"
-        (cfg: /* sh */ ''
-          ${cfg.activate}
-          rm -f ${cfg.wrapperDir}/${cfg.name}.real
-        '')
-        (attrValues config.krebs.setuid));
+    systemd.services."krebs.setuid" = {
+      wantedBy = [ "suid-sgid-wrappers.service" ];
+      after = [ "suid-sgid-wrappers.service" ];
+      path = [
+        pkgs.coreutils
+      ];
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = pkgs.writeDash "krebs.setuid.sh" ''
+          ${concatMapStringsSep "\n"
+            (getAttr "activate")
+            (attrValues config.krebs.setuid)
+          }
+        '';
+      };
+      unitConfig = {
+        DefaultDependencies = false;
+      };
+    };
  };

 in out