tv slock: user krebs.setuid

2016-05-25 03:03:21 +02:00 · 2016-05-25 03:03:21 +02:00 · 36c5834c28
parent 82a8e7eca8
commit 36c5834c28
1 changed files with 10 additions and 4 deletions
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@ -37,15 +37,21 @@ let
      pkgs.ff
      pkgs.gitAndTools.qgit
      pkgs.mpv
-      pkgs.slock
      pkgs.sxiv
      pkgs.xsel
      pkgs.zathura
    ];

-    security.setuidPrograms = [
-      "slock"
-    ];
+    # TODO dedicated group, i.e. with a single user
+    # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
+    krebs.setuid.slock = {
+      filename = "${pkgs.slock}/bin/slock";
+      group = "wheel";
+      envp = {
+        DISPLAY = ":${toString config.services.xserver.display}";
+        USER = user.name;
+      };
+    };

    systemd.services.display-manager.enable = false;