krebs.setuid: disambiguate config

2021-02-05 17:43:24 +01:00 · 2021-02-05 17:43:24 +01:00 · bbbd3d6cd8
parent 9c2d517c49
commit bbbd3d6cd8
1 changed files with 10 additions and 12 deletions
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@ -1,11 +1,9 @@
-{ config, pkgs, lib, ... }:
 with import <stockholm/lib>;
-let
-  cfg = config.krebs.setuid;
+{ config, pkgs, ... }: let

  out = {
    options.krebs.setuid = api;
-    config = mkIf (cfg != {}) imp;
+    config = mkIf (config.krebs.setuid != {}) imp;
  };

  api = mkOption {
@ -14,11 +12,11 @@ let
      # TODO make wrapperDir configurable
      inherit (config.security) wrapperDir;
      inherit (config.users) groups users;
-    in types.attrsOf (types.submodule ({ config, ... }: {
+    in types.attrsOf (types.submodule (self: let cfg = self.config; in {
      options = {
        name = mkOption {
          type = types.filename;
-          default = config._module.args.name;
+          default = cfg._module.args.name;
        };
        envp = mkOption {
          type = types.nullOr (types.attrsOf types.str);
@ -58,21 +56,21 @@ let
        };
      };
      config.activate = let
-        src = pkgs.exec config.name {
-          inherit (config) envp filename;
+        src = pkgs.exec cfg.name {
+          inherit (cfg) envp filename;
        };
-        dst = "${wrapperDir}/${config.name}";
+        dst = "${wrapperDir}/${cfg.name}";
      in ''
        cp ${src} ${dst}
-        chown ${config.owner}.${config.group} ${dst}
-        chmod ${config.mode} ${dst}
+        chown ${cfg.owner}.${cfg.group} ${dst}
+        chmod ${cfg.mode} ${dst}
      '';
    }));
  };

  imp = {
    system.activationScripts."krebs.setuid" = stringAfter [ "wrappers" ]
-      (concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg));
+      (concatMapStringsSep "\n" (getAttr "activate") (attrValues config.krebs.setuid));
  };

 in out