krebs.setuid: make wrapperDir configurable

author: tv <tv@krebsco.de> 2021-02-05 17:48:54 +0100
committer: tv <tv@krebsco.de> 2021-02-05 19:32:54 +0100
commit: 315dcf3cbff0980495c0899a38ecdf538651dabc (patch)
tree: c3bdbc3daedb3f827c21be52e7a2a8b3dac2508d
parent: bbbd3d6cd89cc797fab9245decca62e05eb994b7 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 3e068736..64fedb91 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -9,8 +9,6 @@ with import <stockholm/lib>;
   api = mkOption {
     default = {};
     type = let
-      # TODO make wrapperDir configurable
-      inherit (config.security) wrapperDir;
       inherit (config.users) groups users;
     in types.attrsOf (types.submodule (self: let cfg = self.config; in {
       options = {
@@ -49,6 +47,10 @@ with import <stockholm/lib>;
             merge = mergeOneOption;
           };
         };
+        wrapperDir = mkOption {
+          default = config.security.wrapperDir;
+          type = types.absolute-pathname;
+        };
         activate = mkOption {
           type = types.str;
           visible = false;
@@ -59,8 +61,9 @@ with import <stockholm/lib>;
         src = pkgs.exec cfg.name {
           inherit (cfg) envp filename;
         };
-        dst = "${wrapperDir}/${cfg.name}";
+        dst = "${cfg.wrapperDir}/${cfg.name}";
       in ''
+        mkdir -p ${cfg.wrapperDir}
         cp ${src} ${dst}
         chown ${cfg.owner}.${cfg.group} ${dst}
         chmod ${cfg.mode} ${dst}
author	tv <tv@krebsco.de>	2021-02-05 17:48:54 +0100
committer	tv <tv@krebsco.de>	2021-02-05 19:32:54 +0100
commit	315dcf3cbff0980495c0899a38ecdf538651dabc (patch)
tree	c3bdbc3daedb3f827c21be52e7a2a8b3dac2508d
parent	bbbd3d6cd89cc797fab9245decca62e05eb994b7 (diff)