From fedd7cd6901646cb7e2a94a148d300f7b632d7e0 Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Sun, 12 Sep 2021 18:53:48 +0200
Subject: nixos: explicitely set security.wrappers ownership

This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
---
 nixos/modules/services/networking/smokeping.nix | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'nixos/modules/services/networking/smokeping.nix')

diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix
index 4470c18fd53..0a647748736 100644
--- a/nixos/modules/services/networking/smokeping.nix
+++ b/nixos/modules/services/networking/smokeping.nix
@@ -278,8 +278,18 @@ in
       }
     ];
     security.wrappers = {
-      fping.source = "${pkgs.fping}/bin/fping";
-      fping6.source = "${pkgs.fping}/bin/fping6";
+      fping =
+        { setuid = true;
+          owner = "root";
+          group = "root";
+          source = "${pkgs.fping}/bin/fping";
+        };
+      fping6 =
+        { setuid = true;
+          owner = "root";
+          group = "root";
+          source = "${pkgs.fping}/bin/fping6";
+        };
     };
     environment.systemPackages = [ pkgs.fping ];
     users.users.${cfg.user} = {
-- 
cgit 1.4.1