ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-20 20:20:26 +03:00
Code Issues Projects Releases Wiki Activity

nixos/wrappers: replace activationScript

Browse Source 
Create the wrappers via a separate systemd service.
This commit is contained in:
nikstur 2023-10-24 23:51:37 +02:00
parent f0154409a1
commit f827f7ad7b
1 changed files with 28 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nixos/modules/security/wrappers/default.nix
View File

@ -275,10 +275,14 @@ in
mrpx ${wrap.source},
'') wrappers;
###### wrappers activation script
system.activationScripts.wrappers =
lib.stringAfter [ "specialfs" "users" ]
''
systemd.services.suid-sgid-wrappers = {
description = "Create SUID/SGID Wrappers";
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
unitConfig.DefaultDependencies = false;
unitConfig.RequiresMountsFor = [ "/nix/store" "/run/wrappers" ];
serviceConfig.Type = "oneshot";
script = ''
chmod 755 "${parentWrapperDir}"
# We want to place the tmpdirs for the wrappers to the parent dir.
@ -302,6 +306,7 @@ in
ln --symbolic "$wrapperDir" "${wrapperDir}"
fi
'';
};
###### wrappers consistency checks
system.checks = lib.singleton (pkgs.runCommandLocal