authorrnhmjoj <rnhmjoj@inventati.org>2021-06-09 19:59:39 +0200
committerrnhmjoj <rnhmjoj@inventati.org>2021-09-12 21:43:25 +0200
commit22004f7e8febc6ae6553c44ecd8bf9da9ddc5260 (patch)
tree30ede1864236717ef1b0c76f21394e2ee382b7ef /nixos/modules/security/wrappers
parent904f68fb0fc01cf4072c1215416eb4e2b9fc4e56 (diff)
nixos/security/wrappers: use fixed defaults
To keep backward compatibility and still have typing would require making
all options null by default, adding a defaultText containing the actual
value, writing the default value logic based on `!= null` and replacing
the nulls later. This pretty much defeats the point of having used
a submodule type.
Diffstat (limited to 'nixos/modules/security/wrappers')
-rw-r--r--nixos/modules/security/wrappers/default.nix35
1 files changed, 10 insertions, 25 deletions
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 74dfd86b86a..8b1f5da2ba2 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -33,33 +33,18 @@ let
       };
     options.owner = lib.mkOption
       { type = lib.types.str;
-        default = with config;
-          if (capabilities != "") || !(setuid || setgid || permissions != null)
-          then "root"
-          else "nobody";
-        description = ''
-          The owner of the wrapper program. Defaults to <literal>root</literal>
-          if any capability is set and setuid/setgid/permissions are not, otherwise to
-          <literal>nobody</litera>.
-        '';
+        default = "root";
+        description = "The owner of the wrapper program.";
       };
     options.group = lib.mkOption
       { type = lib.types.str;
-        default = with config;
-          if (capabilities != "") || !(setuid || setgid || permissions != null)
-          then "root"
-          else "nogroup";
-        description = ''
-          The group of the wrapper program. Defaults to <literal>root</literal>
-          if any capability is set and setuid/setgid/permissions are not,
-          otherwise to <literal>nogroup</litera>.
-        '';
+        default = "root";
+        description = "The group of the wrapper program.";
       };
     options.permissions = lib.mkOption
-      { type = lib.types.nullOr fileModeType;
-        default = null;
-        example = "u+rx,g+x,o+x";
-        apply = x: if x == null then "u+rx,g+x,o+x" else x;
+      { type = fileModeType;
+        default  = "u+rx,g+x,o+x";
+        example = "a+rx";
         description = ''
           The permissions of the wrapper program. The format is that of a
           symbolic or numeric file mode understood by <command>chmod</command>.
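Review bot: Fixing `owner` and `group` at `"root"` silently changes ownership for existing configurations. Under the removed expression, a wrapper that set `setuid`, `setgid` or `permissions` with no capabilities resolved to `nobody`/`nogroup`; after this change the same declaration yields a root-owned wrapper. Together with the `setuid` default changed in the next hunk, a wrapper that sets only `source` would presumably be installed setuid root, although `mkSetuidProgram` is not visible here. I would drop `default` on both options so that evaluation fails until the owner is stated, or at least spell it out, e.g. `description = "The owner of the wrapper program. Defaults to root; set it explicitly for wrappers that must not run as root.";`. The `permissions` option continues past the end of this hunk.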
@@ -89,7 +74,7 @@ let
       };
     options.setuid = lib.mkOption
       { type = lib.types.bool;
-        default = false;
+        default = true;
         description = "Whether to add the setuid bit the wrapper program.";
       };
     options.setgid = lib.mkOption
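Review bot: With `default = true`, a wrapper that sets only `capabilities` now also carries `setuid = true` in its options. The dispatch further down picks `mkSetcapProgram` whenever `capabilities != ""`, but neither builder is visible here, so it is worth confirming that the setcap path ignores the flag rather than adding the setuid bit on top of the capabilities. If it is ignored, the option text should say so. The description is also missing a word: `description = "Whether to add the setuid bit to the wrapper program.";`. The `setgid` option opens on the last line of this hunk and continues outside it.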
@@ -153,8 +138,8 @@ let
     builtins.map
       (opts:
         if opts.capabilities != ""
-          then mkSetcapProgram opts
-          else mkSetuidProgram opts
+        then mkSetcapProgram opts
+        else mkSetuidProgram opts
       ) (lib.attrValues wrappers);
 in
 {