author | tv <tv@krebsco.de> | 2021-02-05 17:48:54 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2021-02-05 19:32:54 +0100 |
commit | 315dcf3cbff0980495c0899a38ecdf538651dabc (patch) | |
tree | c3bdbc3daedb3f827c21be52e7a2a8b3dac2508d | |
parent | bbbd3d6cd89cc797fab9245decca62e05eb994b7 (diff) |
krebs.setuid: make wrapperDir configurable
-rw-r--r-- | krebs/3modules/setuid.nix | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 3e068736b..64fedb911 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -9,8 +9,6 @@ with import <stockholm/lib>;
 api = mkOption {
 default = {};
 type = let
- # TODO make wrapperDir configurable
- inherit (config.security) wrapperDir;
 inherit (config.users) groups users;
 in types.attrsOf (types.submodule (self: let cfg = self.config; in {
 options = {
@@ -49,6 +47,10 @@ with import <stockholm/lib>;
 merge = mergeOneOption;
 };
 };
+ wrapperDir = mkOption {
+ default = config.security.wrapperDir;
+ type = types.absolute-pathname;
+ };
 activate = mkOption {
 type = types.str;
 visible = false;
@@ -59,8 +61,9 @@ with import <stockholm/lib>;
 src = pkgs.exec cfg.name {
 inherit (cfg) envp filename;
 };
- dst = "${wrapperDir}/${cfg.name}";
+ dst = "${cfg.wrapperDir}/${cfg.name}";
 in ''
+ mkdir -p ${cfg.wrapperDir}
 cp ${src} ${dst}
 chown ${cfg.owner}.${cfg.group} ${dst}
 chmod ${cfg.mode} ${dst} |
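Review bot: The new `wrapperDir` option in the second hunk has no `description`, and because it decides where a setuid binary is installed, its requirements should be written down next to it. I would add something like `description = "Directory the wrapper is installed into; must be root-owned, not writable by other users, and on a filesystem that honours setuid bits.";`. The option is declared inside the per-entry submodule, so each `api` entry can name a different directory; if a single location is what is wanted, a module-level option would be the narrower interface. The submodule's `options` block starts and ends outside this hunk.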
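Review bot: The added `mkdir -p ${cfg.wrapperDir}` in the third hunk creates missing path components with whatever umask the activation script runs under and silently accepts a directory that already exists, so a non-default `wrapperDir` can end up holding a setuid binary in a directory other users can write to, or on a `nosuid` mount where the wrapper will not work. The `cp`/`chown`/`chmod` sequence that follows is not atomic, which starts to matter once the directory is no longer root-only. Consider `mkdir -p -m 0755 ${cfg.wrapperDir}` and failing activation when the directory is group- or world-writable or not owned by root. The interpolated path is also unquoted in the shell text; that is safe only if `types.absolute-pathname` rejects whitespace and shell metacharacters, which is not visible on this page. The activation string continues past the end of the hunk.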