infra/localhost
1
0
Fork 0
Code Releases Activity

to not affect local development, remove system-wide out-of-tree

Browse Source
This commit is contained in:
dump_stack() 2023-02-13 09:16:09 +00:00
parent e87b9d1d5f
commit 7e4383aa89
Signed by: dump_stack
GPG Key ID: BE44DA8C062D87DC
1 changed files with 0 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
security.nix
View File

@ -41,22 +41,10 @@
extraConfig = '' extraConfig = ''
%wheel ALL=(ALL:ALL) NOPASSWD: ${pkgs.light}/bin/light %wheel ALL=(ALL:ALL) NOPASSWD: ${pkgs.light}/bin/light
%wheel ALL=(captive) NOPASSWD: ${pkgs.firefox}/bin/firefox %wheel ALL=(captive) NOPASSWD: ${pkgs.firefox}/bin/firefox
%wheel ALL=(out-of-tree) NOPASSWD: ${pkgs.out-of-tree}/bin/out-of-tree
''; '';
}; };
users.users.out-of-tree = {
home = "/var/out-of-tree";
group = "out-of-tree";
isSystemUser = true;
createHome = true;
extraGroups = [ "docker" "kvm" ];
};
users.groups.out-of-tree = {};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(writeShellScriptBin "captive" "sudo -H -u captive ${pkgs.firefox}/bin/firefox") (writeShellScriptBin "captive" "sudo -H -u captive ${pkgs.firefox}/bin/firefox")
(writeShellScriptBin "out-of-tree"
"sudo -H -u out-of-tree ${pkgs.out-of-tree}/bin/out-of-tree $@")
]; ];
} }