From 36c5834c288b56b6955e35d95708ae7f65f199f9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 25 May 2016 03:03:21 +0200
Subject: tv slock: user krebs.setuid

---
 tv/2configs/xserver/default.nix | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'tv/2configs/xserver/default.nix')

diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index a6a82050..b5b11678 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -37,15 +37,21 @@ let
       pkgs.ff
       pkgs.gitAndTools.qgit
       pkgs.mpv
-      pkgs.slock
       pkgs.sxiv
       pkgs.xsel
       pkgs.zathura
     ];
 
-    security.setuidPrograms = [
-      "slock"
-    ];
+    # TODO dedicated group, i.e. with a single user
+    # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
+    krebs.setuid.slock = {
+      filename = "${pkgs.slock}/bin/slock";
+      group = "wheel";
+      envp = {
+        DISPLAY = ":${toString config.services.xserver.display}";
+        USER = user.name;
+      };
+    };
 
     systemd.services.display-manager.enable = false;
 
-- 
cgit v1.2.3