Extend NixOS: Difference between revisions

Line 10:

= Implementations =

{{warning|text=The /var/setuid-wrappers directory is no longer current. For the new <code>security.wrappers</code> take a look at [https://github.com/NixOS/nixpkgs/blob/release-17.03/nixos/modules/security/wrappers/default.nix] and/or see https://nixos.org/nixos/manual/release-notes.html#sec-release-16.09}}

== Quick Implementation ==

Line 36:

Line 34:

environment.systemPackages = [ pkgs.screen ];

~~security.sudo.enable = true;~~

# ... usual configuration ...

Line 56:

Line 53:

{

~~jobs~~ = pkgs.lib.mkIf (config.networking.hostname == "my-server") {

systemd.services = pkgs.lib.mkIf (config.networking.hostname == "my-server") {

ircSession = {

description = "Start the irc client of username.";

wantedBy = [ "multi-user.target" ];

~~startOn~~ = "~~started network-interfaces~~";

after = [ "network.target" ];

~~exec~~ = ''~~/var/setuid-wrappers/sudo -u username --~~ ${pkgs.screen}/bin/screen -~~m -d -S~~ irc ${pkgs.irssi}/bin/irssi'';

description = "Start the irc client of username.";

};

serviceConfig = {

Type = "forking";

User = "username";

ExecStart = ''${pkgs.screen}/bin/screen -dmS irc ${pkgs.irssi}/bin/irssi'';

ExecStop = ''${pkgs.screen}/bin/screen -S irc -X quit'';

};

environment.systemPackages = pkgs.lib.mkIf (config.networking.hostname == "my-server") [ pkgs.screen ];

~~security.sudo.enable = (config.networking.hostname == "my-server");~~

# ... usual configuration ...

Line 91:

Line 93:

pkgs.lib.mkIf (config.networking.hostname == "my-server") {

~~jobs~~.ircSession = {

systemd.services.ircSession = {

description = "Start the irc client of username.";

wantedBy = [ "multi-user.target" ];

~~startOn~~ = "~~started network-interfaces~~";

after = [ "network.target" ];

~~exec~~ = ''~~/var/setuid-wrappers/sudo -u username --~~ ${pkgs.screen}/bin/screen -~~m -d -S~~ irc ${pkgs.irssi}/bin/irssi'';

description = "Start the irc client of username.";

serviceConfig = {

Type = "forking";

User = "username";

ExecStart = ''${pkgs.screen}/bin/screen -dmS irc ${pkgs.irssi}/bin/irssi'';

ExecStop = ''${pkgs.screen}/bin/screen -S irc -X quit'';

};

environment.systemPackages = [ pkgs.screen ];

~~security.sudo.enable = true;~~

}

</syntaxhighlight>

If we organize our configuration like this, sharing it across machines is easier. In addition, our IRC client can be consistent across machines that choose to use it.

Line 140:

Line 147:

config = mkIf cfg.enable {

~~jobs~~.ircSession = {

systemd.services.ircSession = {

description = "Start the irc client of ~~${cfg.user}~~.";

wantedBy = [ "multi-user.target" ];

~~startOn~~ = "~~started network-interfaces~~";

after = [ "network.target" ];

~~exec~~ = ''~~/var/setuid-wrappers/sudo -u ${cfg.user} --~~ ${pkgs.screen}/bin/screen -~~m -d -S~~ irc ${pkgs.irssi}/bin/irssi'';

description = "Start the irc client of username.";

serviceConfig = {

Type = "forking";

User = "username";

ExecStart = ''${pkgs.screen}/bin/screen -dmS irc ${pkgs.irssi}/bin/irssi'';

ExecStop = ''${pkgs.screen}/bin/screen -S irc -X quit'';

};

environment.systemPackages = [ pkgs.screen ];

~~security.sudo.enable = true;~~

};

}

Line 229:

Line 241:

config = mkIf anyIrcClient {

environment.systemPackages = [ pkgs.screen ];

~~security.sudo.enable = true;~~

};

}

@@ Line 10: / Line 10: @@
 = Implementations =
-{{warning|text=The /var/setuid-wrappers directory is no longer current. For the new <code>security.wrappers</code> take a look at [https://github.com/NixOS/nixpkgs/blob/release-17.03/nixos/modules/security/wrappers/default.nix] and/or see https://nixos.org/nixos/manual/release-notes.html#sec-release-16.09}}
 == Quick Implementation ==
@@ Line 36: / Line 34: @@
     environment.systemPackages = [ pkgs.screen ];
-   security.sudo.enable = true;
     # ... usual configuration ...
@@ Line 56: / Line 53: @@
   {
-    jobs = pkgs.lib.mkIf (config.networking.hostname == "my-server") {
+    systemd.services = pkgs.lib.mkIf (config.networking.hostname == "my-server") {
-     ircSession = {
+      ircSession = {
-       description = "Start the irc client of username.";
+        wantedBy = [ "multi-user.target" ];
-       startOn = "started network-interfaces";
+        after = [ "network.target" ];
-       exec = ''/var/setuid-wrappers/sudo -u username -- ${pkgs.screen}/bin/screen -m -d -S irc ${pkgs.irssi}/bin/irssi'';
+        description = "Start the irc client of username.";
-     };
+        serviceConfig = {
+          Type = "forking";
+          User = "username";
+          ExecStart = ''${pkgs.screen}/bin/screen -dmS irc ${pkgs.irssi}/bin/irssi'';
+          ExecStop = ''${pkgs.screen}/bin/screen -S irc -X quit'';
+        };
+      };
     };
     environment.systemPackages = pkgs.lib.mkIf (config.networking.hostname == "my-server") [ pkgs.screen ];
-   security.sudo.enable = (config.networking.hostname == "my-server");
     # ... usual configuration ...
@@ Line 91: / Line 93: @@
   pkgs.lib.mkIf (config.networking.hostname == "my-server") {
-    jobs.ircSession = {
+    systemd.services.ircSession = {
-     description = "Start the irc client of username.";
+      wantedBy = [ "multi-user.target" ];
-     startOn = "started network-interfaces";
+      after = [ "network.target" ];
-     exec = ''/var/setuid-wrappers/sudo -u username -- ${pkgs.screen}/bin/screen -m -d -S irc ${pkgs.irssi}/bin/irssi'';
+      description = "Start the irc client of username.";
+      serviceConfig = {
+        Type = "forking";
+        User = "username";
+        ExecStart = ''${pkgs.screen}/bin/screen -dmS irc ${pkgs.irssi}/bin/irssi'';
+        ExecStop = ''${pkgs.screen}/bin/screen -S irc -X quit'';
+      };
     };
     environment.systemPackages = [ pkgs.screen ];
-   security.sudo.enable = true;
+}
- }
 </syntaxhighlight>
 If we organize our configuration like this, sharing it across machines is easier. In addition, our IRC client can be consistent across machines that choose to use it.
@@ Line 140: / Line 147: @@
     config = mkIf cfg.enable {
-      jobs.ircSession = {
+      systemd.services.ircSession = {
-        description = "Start the irc client of ${cfg.user}.";
+       wantedBy = [ "multi-user.target" ];
-        startOn = "started network-interfaces";
+       after = [ "network.target" ];
-       exec = ''/var/setuid-wrappers/sudo -u ${cfg.user} -- ${pkgs.screen}/bin/screen -m -d -S irc ${pkgs.irssi}/bin/irssi'';
+        description = "Start the irc client of username.";
+        serviceConfig = {
+         Type = "forking";
+         User = "username";
+         ExecStart = ''${pkgs.screen}/bin/screen -dmS irc ${pkgs.irssi}/bin/irssi'';
+         ExecStop = ''${pkgs.screen}/bin/screen -S irc -X quit'';
+       };
       };
       environment.systemPackages = [ pkgs.screen ];
-     security.sudo.enable = true;
     };
   }
@@ Line 229: / Line 241: @@
     config = mkIf anyIrcClient {
       environment.systemPackages = [ pkgs.screen ];
-     security.sudo.enable = true;
     };
   }