diff options
| -rw-r--r-- | kartei/tv/hosts/leg.nix | 24 | ||||
| -rw-r--r-- | kartei/tv/wiregrill/leg.pub | 1 | ||||
| -rw-r--r-- | krebs/3modules/setuid.nix | 26 | ||||
| -rw-r--r-- | lib/pure.nix | 1 |
4 files changed, 44 insertions, 8 deletions
diff --git a/kartei/tv/hosts/leg.nix b/kartei/tv/hosts/leg.nix new file mode 100644 index 000000000..aa023b42d --- /dev/null +++ b/kartei/tv/hosts/leg.nix @@ -0,0 +1,24 @@ +{ + nets = { + retiolum = { + ip4.addr = "10.243.13.43"; + aliases = [ + "leg.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAsfL4VK3WbgbWVYsOA0TJ3iswRrvfE/z/TbNTtzULGPSA6bTG8QXO + f2cm6aY6UriMktJL6GB3XNYlDZDKi74bNOXP+O/p7dTr5g9PWjYeqLFiLFr0pwWi + pooKxrAcPEJ8khhCI7eXVGL1baiHZsPCZLmPXm+c3qke6uY/48zmt0SG3WwjybF/ + JMbxE7XTMrsO28PiOZgWrXqZJgLhKygcz9WGMkQ9CcjnHobKIoTRWHILIsEPjR2s + /vNeGTa6v9/SpDQtHlfiELNxQAHUXU0//hJvEyH4dMS+vJKNQlL9z84fQqhZGfh0 + nN++k9cHwSPDusbMqB2ncpx6v8ieUpCsewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = " qmxNtjkjzXP4QCIJwXLncYFrIfU7royMlQNSVvR3XKH"; + }; + }; + secure = true; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGiputkYYQbg8sUHu+dMVOEuqhPYwPhPdmkS6LopPx17 root@leg"; + syncthing.id = "5IB2U3K-HNQWNA4-ULYNPZF-XC3HX4D-IKQB72L-GNF6U2P-RNL4OMF-BWGDVAU"; +} diff --git a/kartei/tv/wiregrill/leg.pub b/kartei/tv/wiregrill/leg.pub new file mode 100644 index 000000000..7e75edffe --- /dev/null +++ b/kartei/tv/wiregrill/leg.pub @@ -0,0 +1 @@ +tlGh9gpV09TspLVV/9+Z5T5fhMAQcz5c5L3KNvR/d1I= diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index fdb96c8ba..e3108d88e 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -80,13 +80,25 @@ let }; imp = { - system.activationScripts."krebs.setuid" = stringAfter [ "usrbinenv" ] - (concatMapStringsSep "\n" - (cfg: /* sh */ '' - ${cfg.activate} - rm -f ${cfg.wrapperDir}/${cfg.name}.real - '') - (attrValues config.krebs.setuid)); + systemd.services."krebs.setuid" = { + wantedBy = [ "suid-sgid-wrappers.service" ]; + after = [ "suid-sgid-wrappers.service" ]; + path = [ + pkgs.coreutils + ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeDash "krebs.setuid.sh" '' + ${concatMapStringsSep "\n" + (getAttr "activate") + (attrValues config.krebs.setuid) + } + ''; + }; + unitConfig = { + DefaultDependencies = false; + }; + }; }; in out diff --git a/lib/pure.nix b/lib/pure.nix index 3329db022..3fe51cd54 100644 --- a/lib/pure.nix +++ b/lib/pure.nix @@ -23,7 +23,6 @@ let git = import ./git.nix { inherit (stockholm) lib; }; haskell = import ./haskell.nix { inherit (stockholm) lib; }; krebs = import ./krebs stockholm.lib; - krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit (stockholm) lib; }; systemd = { encodeName = replaceStrings ["/"] ["\\x2f"]; |