diff options
author | tv <tv@krebsco.de> | 2016-05-25 03:03:21 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-05-25 03:03:21 +0200 |
commit | 36c5834c288b56b6955e35d95708ae7f65f199f9 (patch) | |
tree | 3f500ddf0bee6c35f03ef8624318c6dd86bbf065 /tv/2configs | |
parent | 82a8e7eca896c94e35de22a734d538f25e028faf (diff) |
tv slock: user krebs.setuid
Diffstat (limited to 'tv/2configs')
-rw-r--r-- | tv/2configs/xserver/default.nix | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index a6a820507..b5b116786 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -37,15 +37,21 @@ let pkgs.ff pkgs.gitAndTools.qgit pkgs.mpv - pkgs.slock pkgs.sxiv pkgs.xsel pkgs.zathura ]; - security.setuidPrograms = [ - "slock" - ]; + # TODO dedicated group, i.e. with a single user + # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + krebs.setuid.slock = { + filename = "${pkgs.slock}/bin/slock"; + group = "wheel"; + envp = { + DISPLAY = ":${toString config.services.xserver.display}"; + USER = user.name; + }; + }; systemd.services.display-manager.enable = false; |